exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 18 769

CVE-2016-7161

больше 5 лет назад

CVSS3: 9.8

EPSS: Средний

CVE-2016-6664

больше 5 лет назад

CVSS3: 7

EPSS: Средний

CVE-2016-6210

5 месяцев назад

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

CVSS3: 5.9

EPSS: Критический

CVE-2016-5386

5 месяцев назад

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

EPSS: Высокий

CVE-2016-4912

4 месяца назад

The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service

CVSS3: 7.5

EPSS: Низкий

CVE-2016-4074

больше 5 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2016-3959

5 месяцев назад

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

EPSS: Низкий

CVE-2016-3709

больше 3 лет назад

CVSS3: 6.1

EPSS: Низкий

CVE-2016-3697

больше 4 лет назад

CVSS3: 7.8

EPSS: Низкий

CVE-2016-3396

больше 9 лет назад

GDI+ Remote Code Execution Vulnerability

EPSS: Средний

CVE-2016-3393

больше 9 лет назад

GDI+ Remote Code Execution Vulnerability

CVSS3: 8.8

EPSS: Средний

CVE-2016-3392

больше 9 лет назад

Internet Explorer Security Feature Bypass Vulnerability

EPSS: Низкий

CVE-2016-3391

больше 9 лет назад

Microsoft Browser Information Disclosure Vulnerability

EPSS: Средний

CVE-2016-3390

больше 9 лет назад

Scripting Engine Memory Corruption Vulnerability

CVSS3: 7.1

EPSS: Средний

CVE-2016-3389

больше 9 лет назад

Scripting Engine Memory Corruption Vulnerability

EPSS: Средний

CVE-2016-3388

больше 9 лет назад

Microsoft Browser Elevation of Privilege Vulnerability

EPSS: Средний

CVE-2016-3387

больше 9 лет назад

Microsoft Browser Elevation of Privilege Vulnerability

EPSS: Средний

CVE-2016-3386

больше 9 лет назад

Scripting Engine Memory Corruption Vulnerability

EPSS: Высокий

CVE-2016-3385

больше 9 лет назад

Scripting Engine Memory Corruption Vulnerability

EPSS: Средний

CVE-2016-3384

больше 9 лет назад

Microsoft Browser Memory Corruption Vulnerability

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2016-7161	CVSS3: 9.8	20% Средний	больше 5 лет назад
CVE-2016-6664	CVSS3: 7	45% Средний	больше 5 лет назад
CVE-2016-6210 sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.	CVSS3: 5.9	92% Критический	5 месяцев назад
CVE-2016-5386 The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.		82% Высокий	5 месяцев назад
CVE-2016-4912 The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service	CVSS3: 7.5	1% Низкий	4 месяца назад
CVE-2016-4074	CVSS3: 7.5	1% Низкий	больше 5 лет назад
CVE-2016-3959 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.		2% Низкий	5 месяцев назад
CVE-2016-3709	CVSS3: 6.1	0% Низкий	больше 3 лет назад
CVE-2016-3697	CVSS3: 7.8	0% Низкий	больше 4 лет назад
CVE-2016-3396 GDI+ Remote Code Execution Vulnerability		32% Средний	больше 9 лет назад
CVE-2016-3393 GDI+ Remote Code Execution Vulnerability	CVSS3: 8.8	41% Средний	больше 9 лет назад
CVE-2016-3392 Internet Explorer Security Feature Bypass Vulnerability		9% Низкий	больше 9 лет назад
CVE-2016-3391 Microsoft Browser Information Disclosure Vulnerability		27% Средний	больше 9 лет назад
CVE-2016-3390 Scripting Engine Memory Corruption Vulnerability	CVSS3: 7.1	23% Средний	больше 9 лет назад
CVE-2016-3389 Scripting Engine Memory Corruption Vulnerability		19% Средний	больше 9 лет назад
CVE-2016-3388 Microsoft Browser Elevation of Privilege Vulnerability		47% Средний	больше 9 лет назад
CVE-2016-3387 Microsoft Browser Elevation of Privilege Vulnerability		33% Средний	больше 9 лет назад
CVE-2016-3386 Scripting Engine Memory Corruption Vulnerability		78% Высокий	больше 9 лет назад
CVE-2016-3385 Scripting Engine Memory Corruption Vulnerability		31% Средний	больше 9 лет назад
CVE-2016-3384 Microsoft Browser Memory Corruption Vulnerability		21% Средний	больше 9 лет назад

Уязвимостей на страницу