Skip to main content
CVE-2015-8770 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 28.3%.

Path Traversal RCE PHP Roundcube Webmail
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
28.3%
CVE-2016-1879 HIGH POC THREAT Act Now

The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.2%.

Denial Of Service Freebsd
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
18.2%
CVE-2015-8793 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Webmail
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8789 CRITICAL Act Now

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size". Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libebml
NVD GitHub
CVSS 3.0
9.6
EPSS
0.4%
CVE-2015-8772 CRITICAL Act Now

McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service File Lock
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2016-0738 HIGH PATCH This Week

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swift
NVD GitHub
CVSS 3.0
7.5
EPSS
5.8%
CVE-2016-0737 HIGH PATCH This Week

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swift
NVD
CVSS 3.0
7.5
EPSS
5.8%
CVE-2015-7521 HIGH PATCH This Week

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Hive
NVD
CVSS 3.0
8.3
EPSS
0.4%
CVE-2015-7464 HIGH PATCH This Week

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Jazz Reporting Service
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-1882 HIGH PATCH This Week

FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-8773 HIGH This Week

Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Hashicorp File Lock
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-1493 HIGH PATCH This Week

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Intel RCE Driver Update Utility
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-0755 HIGH This Week

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Curl Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2015-8794 MEDIUM PATCH This Month

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Roundcube Webmail
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-0756 MEDIUM PATCH This Month

The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Prosody
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2016-0754 MEDIUM This Month

cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Curl
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2015-8792 MEDIUM PATCH This Month

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libmatroska Leap Opensuse
NVD GitHub
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-8790 MEDIUM This Month

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libebml
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2015-8791 MEDIUM This Month

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libebml
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy