Vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-01-06 | CVE-2016-1549 | Data Processing Errors vulnerability in NTP 4.2.8 | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. | network | low | ntp | CWE-19 | 6.5 |
| 2017-01-06 | CVE-2016-1548 | Data Processing Errors vulnerability in NTP 4.2.8 | An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. | network | low | ntp | CWE-19 | 7.2 |
| 2017-01-06 | CVE-2016-1547 | Improper Input Validation vulnerability in NTP | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. | network | low | ntp | CWE-20 | 5.3 |
| 2017-01-06 | CVE-2015-7848 | Integer Overflow or Wraparound vulnerability in NTP Ntp-Dev 4.3.70 | An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. | network | low | ntp | CWE-190 | 7.5 |
| 2017-01-06 | CVE-2015-2868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trane ComfortLink II Firmware 2.0.2 | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. | network | low | trane | CWE-119 | critical 9.8 |
| 2017-01-06 | CVE-2015-2867 | Use of Hard-coded Credentials vulnerability in Trane ComfortLink II Firmware 2.0.2 | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | network | low | trane | CWE-798 | critical 9.8 |
| 2017-01-05 | CVE-2017-5179 | Cross-site Scripting vulnerability in Tenable Nessus | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | network | low | tenable | CWE-79 | 5.4 |
| 2017-01-05 | CVE-2016-8006 | Permissions, Privileges, and Access Controls vulnerability in McAfee Security Information and Event Management 9.6.0 | Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands. | local | low | mcafee | CWE-264 | 4.4 |
| 2017-01-05 | CVE-2016-6892 | Use After Free vulnerability in MatrixSSL | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | network | low | matrixssl | CWE-416 | 7.5 |
| 2017-01-05 | CVE-2016-6891 | Out-of-bounds Read vulnerability in MatrixSSL | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | network | low | matrixssl | CWE-125 | 7.5 |