Skip to main content
CVE-2016-6210 MEDIUM POC THREAT This Month

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.0%.

SSH Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
5.9
EPSS
90.0%
Threat
5.4
CVE-2016-8367 MEDIUM This Month

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

Denial Of Service Microsoft Schneider Electric Magelis Gtu Universal Panel Firmware Magelis Gto Advanced Optimum Panel Firmware +6
NVD
CVSS 3.1
5.3
EPSS
13.7%
CVE-2016-9337 MEDIUM This Month

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Gateway Ecu
NVD
CVSS 3.0
6.8
EPSS
0.9%
CVE-2016-9345 MEDIUM This Month

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Deltav
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-9360 MEDIUM This Month

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Cimplicity Historian Ifix
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2015-8750 MEDIUM PATCH This Month

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libdwarf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2016-8362 MEDIUM This Month

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oncellg3470A Lte Firmware Awk 4131A Firmware Awk 3191 Firmware Awk 5232 Firmware +10
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8353 MEDIUM This Month

An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pi Web Api 2015 R2
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-8350 MEDIUM This Month

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2016-8359 MEDIUM This Month

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2014-9760 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gosa
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2016-9371 MEDIUM This Month

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nport 5100 Series Firmware Nport 5200 Series Firmware Nport 5400 Series Firmware Nport 5600 Series Firmware +6
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-8376 MEDIUM This Month

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Webdatorcentral
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5157 MEDIUM This Month

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Schneider Electric Homelynk Controller Lss100100 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-5164 MEDIUM This Month

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5811 MEDIUM This Month

An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Powerlink2 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-2274 MEDIUM This Month

An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A850 Telemetry Gateway Base Station Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-5163 MEDIUM PATCH This Month

An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gecko Lite Managed Switch Firmware
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2017-5141 MEDIUM This Month

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Honeywell Information Disclosure Xl Web Ii Controller
NVD
CVSS 3.0
6.0
EPSS
0.5%
CVE-2017-3896 MEDIUM This Month

Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Intel Information Disclosure Mcafee Agent
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2016-9357 MEDIUM This Month

An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Eamxxx Series Epdu Firmware Emaxxx Series Epdu Firmware Eamaxx Series Epdu Firmware Emaaxx Series Epdu Firmware +1
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2016-9354 MEDIUM This Month

An issue was discovered in Moxa DACenter Versions 1.4 and older. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dacenter
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-9339 MEDIUM This Month

An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Interschalt Vdr G4E Firmware
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2016-4546 MEDIUM This Month

Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Samsung Mobile
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-3902 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Intel Java Epolicy Orchestrator
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1121 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5813 MEDIUM This Month

An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerlink2 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9355 MEDIUM This Month

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris 8015 Pc Unit
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-2787 MEDIUM This Month

The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9346 MEDIUM This Month

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miineport E1 Firmware Miineport E2 Firmware Miineport E3 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9347 MEDIUM This Month

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Se4801T0X Redundant Wireless I O Card Firmware Se4801T1X Simplex Wireless I O Card Firmware
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2016-8375 MEDIUM This Month

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Alaris 8015 Pc Unit
NVD
CVSS 3.0
4.9
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy