PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.2%.
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.