Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2016
CVE-2015-8917
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
CVSS Score
7.5
EPSS Score
0.056
Published
2016-09-20
CVE-2015-8916
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVSS Score
6.5
EPSS Score
0.009
Published
2016-09-20
CVE-2015-8915
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-09-20
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.
CVSS Score
7.5
EPSS Score
0.002
Published
2016-09-19
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.
CVSS Score
9.8
EPSS Score
0.008
Published
2016-09-19
CVE-2016-6535
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.
CVSS Score
9.8
EPSS Score
0.007
Published
2016-09-19
CVE-2016-6415
Known exploited
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
CVSS Score
7.5
EPSS Score
0.929
Published
2016-09-19
CVE-2016-5814
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
CVSS Score
8.6
EPSS Score
0.003
Published
2016-09-19
CVE-2016-4860
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.
CVSS Score
7.3
EPSS Score
0.009
Published
2016-09-19
CVE-2016-4526
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
CVSS Score
7.5
EPSS Score
0.001
Published
2016-09-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved