Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
Max CVSS
5.4
EPSS Score
0.07%
Published
2016-08-31
Updated
2016-11-28
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-08-31
Updated
2016-11-28
Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.
Max CVSS
9.8
EPSS Score
0.48%
Published
2016-08-30
Updated
2016-11-28
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-08-24
Updated
2016-11-28
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
Max CVSS
10.0
EPSS Score
96.19%
Published
2016-08-24
Updated
2019-05-22
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
Max CVSS
8.8
EPSS Score
0.13%
Published
2016-08-07
Updated
2017-11-04
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.16%
Published
2016-08-07
Updated
2017-11-04
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
Max CVSS
8.6
EPSS Score
0.21%
Published
2016-08-10
Updated
2018-10-09
Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.
Max CVSS
7.4
EPSS Score
0.07%
Published
2016-08-06
Updated
2016-11-28
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Max CVSS
7.8
EPSS Score
4.50%
Published
2016-08-07
Updated
2022-12-13
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.27%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
Max CVSS
5.9
EPSS Score
1.51%
Published
2016-08-06
Updated
2017-09-03
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.35%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
Max CVSS
5.9
EPSS Score
1.37%
Published
2016-08-06
Updated
2017-09-03
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
Max CVSS
5.9
EPSS Score
1.31%
Published
2016-08-06
Updated
2017-09-03
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.9
EPSS Score
1.51%
Published
2016-08-06
Updated
2017-09-03
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
Max CVSS
9.8
EPSS Score
0.36%
Published
2016-08-19
Updated
2016-08-23
Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.07%
Published
2016-08-08
Updated
2016-11-28
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
Max CVSS
5.1
EPSS Score
0.10%
Published
2016-08-06
Updated
2018-01-05
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-08-25
Updated
2016-12-12
409 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!