Skip to main content
CVE-2015-5344 CRITICAL PATCH Act Now

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Apache Camel
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2015-8747 CRITICAL PATCH Act Now

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Radicale
NVD GitHub
CVSS 3.0
10.0
EPSS
1.8%
CVE-2016-1906 CRITICAL PATCH Act Now

Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2016-1505 CRITICAL PATCH Act Now

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Radicale
NVD GitHub
CVSS 3.0
10.0
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy