Skip to main content
CVE-2015-5254 CRITICAL PATCH Act Now

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 80.4%.

RCE Java Apache Openshift Activemq +1
NVD
CVSS 3.0
9.8
EPSS
80.4%
Threat
4.4
CVE-2015-8668 CRITICAL POC Act Now

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Libtiff +5
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2015-8261 CRITICAL POC Act Now

The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Whatsup Gold
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.4%
CVE-2015-7554 CRITICAL POC Act Now

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-7512 CRITICAL Act Now

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu Enterprise Linux Desktop +7
NVD
CVSS 3.1
9.0
EPSS
21.1%
CVE-2015-7541 CRITICAL PATCH Act Now

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection RCE Colorscore
NVD GitHub
CVSS 3.0
10.0
EPSS
1.3%
CVE-2015-8557 CRITICAL PATCH Act Now

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Ubuntu Linux Pygments
NVD
CVSS 3.0
9.0
EPSS
5.7%
CVE-2015-8753 CRITICAL Act Now

SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SAP Afaria
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2015-8761 CRITICAL PATCH Act Now

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Values
NVD
CVSS 3.0
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy