Skip to main content
CVE-2016-0728 HIGH POC THREAT Act Now

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 49.2%.

Denial Of Service Linux Android Server Migration Pack Linux Kernel +2
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
49.2%
Threat
4.5
CVE-2015-8787 CRITICAL PATCH Act Now

The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2015-3252 CRITICAL Act Now

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cloudstack
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-2230 CRITICAL Act Now

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openelec
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-8360 CRITICAL PATCH Act Now

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian RCE Java Bamboo
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2014-9757 CRITICAL PATCH Act Now

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian RCE Java Bamboo
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-2200 HIGH This Week

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic S7 1500 Cpu Firmware
NVD
CVSS 3.0
7.5
EPSS
9.2%
CVE-2015-8361 CRITICAL PATCH Act Now

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Bamboo
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2015-7566 MEDIUM POC This Month

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Real Time Extension +2
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.5%
CVE-2016-0603 HIGH This Week

Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Java Microsoft Jre +1
NVD
CVSS 2.0
7.6
EPSS
3.0%
CVE-2015-8539 HIGH PATCH This Week

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Linux Ubuntu Linux Linux Enterprise Real Time Extension +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2091 LOW POC Monitor

The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libdwarf
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2015-8709 HIGH This Week

kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2268 MEDIUM PATCH This Month

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Dell Secureworks
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-0723 MEDIUM This Month

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-2089 MEDIUM This Month

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jasper
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-7513 MEDIUM PATCH This Month

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2015-8767 MEDIUM PATCH This Month

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2015-8785 MEDIUM PATCH This Month

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Linux Enterprise Real Time Extension
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2013-4312 MEDIUM PATCH This Month

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2016-2214 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Agile Controller Campus
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-2201 MEDIUM This Month

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Simatic S7 1500 Cpu Firmware
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2016-2048 MEDIUM PATCH This Month

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Authentication Bypass Django
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7550 MEDIUM This Month

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3251 MEDIUM This Month

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2015-2012 MEDIUM This Month

The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.0
EPSS
0.0%
CVE-2015-8575 MEDIUM This Month

The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy