Skip to main content
CVE-2016-8361 HIGH This Week

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenesys Bas Bridge
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-8358 HIGH This Week

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cadd Solis Medication Safety Software
NVD
CVSS 3.0
8.5
EPSS
0.1%
CVE-2017-5168 HIGH PATCH This Week

An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Smart Security Manager
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2016-8360 HIGH This Week

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Softcms
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2016-8356 HIGH This Week

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webdatorcentral
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8372 HIGH This Week

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2016-8379 HIGH This Week

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2016-8367 MEDIUM This Month

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

Denial Of Service Microsoft Schneider Electric Magelis Gtu Universal Panel Firmware Magelis Gto Advanced Optimum Panel Firmware +6
NVD
CVSS 3.1
5.3
EPSS
13.7%
CVE-2016-9364 HIGH This Week

An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Fx 2030A Firmware Fx 2030A Basic Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-5805 HIGH This Week

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Ispsoft Pmsoft +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-5798 HIGH This Week

An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Automation Fv Designer Automation Pm Designer
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-5802 HIGH This Week

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ispsoft Pmsoft Wplsoft
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-2568 HIGH This Week

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Polkit Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-8566 HIGH This Week

An issue was discovered in Siemens SICAM PAS before 8.00. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-5153 HIGH This Week

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pi Coresight Pi Web Api
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9356 HIGH This Week

An issue was discovered in Moxa DACenter Versions 1.4 and older. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dacenter
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9353 HIGH This Week

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Susiaccess
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3995 HIGH PATCH This Week

The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Crypto
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-7987 HIGH This Week

An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Eta4 Firmware Eta2 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-5165 HIGH This Week

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
7.6
EPSS
0.1%
CVE-2016-9363 HIGH This Week

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
1.6%
CVE-2016-4547 HIGH This Week

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9367 HIGH This Week

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2016-8374 HIGH This Week

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Schneider Electric Magelis Gtu Universal Panel Firmware Magelis Gto Advanced Optimum Panel Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2016-5786 HIGH This Week

An issue was discovered in OmniMetrix OmniView, Version 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omniview
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5801 HIGH This Week

An issue was discovered in OmniMetrix OmniView, Version 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omniview
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-10026 HIGH This Week

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ikiwiki
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-9344 HIGH This Week

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miineport E1 Firmware Miineport E2 Firmware Miineport E3 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5169 HIGH PATCH This Week

An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Redis CSRF Apache Smart Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-8370 HIGH This Week

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qj71E71 100 Firmware Qj71E71 B5 Firmware Qj71E71 B2 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-8346 HIGH This Week

An issue was discovered in Moxa EDR-810 Industrial Secure Router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Edr 810 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6129 HIGH PATCH This Week

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2017-5155 HIGH This Week

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Historian
NVD
CVSS 3.0
7.3
EPSS
0.6%
CVE-2016-8495 HIGH This Week

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortimanager Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2017-5151 HIGH This Week

An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Video Insight Web Client
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2016-9334 HIGH This Week

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure 1763 L16Awa Series A 1763 L16Awa Series B 1763 L16Bbb Series A +17
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2016-10224 HIGH This Week

An issue was discovered in Sauter NovaWeb web HMI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Novaweb Web Hmi
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2017-5161 HIGH This Week

An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. Rated high severity (CVSS 7.2). No vendor patch available.

Information Disclosure Winlog Lite Winlog Pro
NVD
CVSS 3.0
7.2
EPSS
0.1%
CVE-2016-8357 HIGH This Week

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenesys Bas Bridge
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-8354 HIGH This Week

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Code Injection Schneider Electric Unity Pro
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-8659 HIGH PATCH This Week

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. Rated high severity (CVSS 7.0).

Privilege Escalation Bubblewrap
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-9337 MEDIUM This Month

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Gateway Ecu
NVD
CVSS 3.0
6.8
EPSS
0.9%
CVE-2016-9345 MEDIUM This Month

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Deltav
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-9360 MEDIUM This Month

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Cimplicity Historian Ifix
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2015-8750 MEDIUM PATCH This Month

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libdwarf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2016-8362 MEDIUM This Month

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oncellg3470A Lte Firmware Awk 4131A Firmware Awk 3191 Firmware Awk 5232 Firmware +10
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8353 MEDIUM This Month

An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pi Web Api 2015 R2
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-8350 MEDIUM This Month

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2016-8359 MEDIUM This Month

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2014-9760 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gosa
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy