Skip to main content
CVE-2016-7406 CRITICAL PATCH Act Now

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.3%.

RCE Dropbear Ssh
NVD
CVSS 3.0
9.8
EPSS
25.3%
CVE-2016-10204 CRITICAL POC Act Now

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-5830 CRITICAL PATCH Act Now

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Revive Adserver
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2016-10193 CRITICAL PATCH Act Now

The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Espeak Ruby
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-7407 CRITICAL PATCH Act Now

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SSH Dropbear Ssh
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-10194 CRITICAL PATCH Act Now

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Festivaltts4R
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-10127 CRITICAL PATCH Act Now

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Pysaml2
NVD GitHub
CVSS 3.0
9.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy