CVE-2016-7798
- EPSS 3.17%
- Veröffentlicht 30.01.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
CVE-2016-9119
- EPSS 1.45%
- Veröffentlicht 30.01.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-2518
- EPSS 15.08%
- Veröffentlicht 30.01.2017 21:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVE-2016-9939
- EPSS 4.2%
- Veröffentlicht 30.01.2017 21:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then t...
CVE-2015-7977
- EPSS 6.35%
- Veröffentlicht 30.01.2017 21:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
CVE-2017-5610
- EPSS 5.06%
- Veröffentlicht 30.01.2017 04:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
CVE-2017-5611
- EPSS 9.93%
- Veröffentlicht 30.01.2017 04:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post typ...
CVE-2017-5612
- EPSS 2.87%
- Veröffentlicht 30.01.2017 04:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
CVE-2017-5202
- EPSS 3.81%
- Veröffentlicht 28.01.2017 01:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
CVE-2017-5203
- EPSS 3.81%
- Veröffentlicht 28.01.2017 01:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().