Skip to main content
CVE-2015-5344 CRITICAL PATCH Act Now

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Apache Camel
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2015-8747 CRITICAL PATCH Act Now

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Radicale
NVD GitHub
CVSS 3.0
10.0
EPSS
1.8%
CVE-2016-1906 CRITICAL PATCH Act Now

Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2016-1505 CRITICAL PATCH Act Now

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Radicale
NVD GitHub
CVSS 3.0
10.0
EPSS
1.4%
CVE-2015-7537 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Jenkins Openshift
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2015-7538 HIGH PATCH This Week

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Jenkins Openshift
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-1905 HIGH PATCH This Week

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.0
7.7
EPSS
0.2%
CVE-2015-7539 HIGH PATCH This Week

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Jenkins Openshift
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-7546 HIGH PATCH This Week

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Python Authentication Bypass Keystonemiddleware Keystone Solaris
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2016-2213 MEDIUM This Month

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ffmpeg
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2015-7536 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Jenkins
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-8748 MEDIUM PATCH This Month

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Radicale
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy