Skip to main content
CVE-2016-3976 HIGH POC KEV THREAT Act Now

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Path Traversal SAP
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
81.5%
Threat
6.9
CVE-2016-1019 CRITICAL KEV PATCH THREAT Act Now

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 72.4%.

Adobe Denial Of Service RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
72.4%
Threat
5.6
CVE-2016-0792 HIGH POC PATCH THREAT Act Now

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

RCE Jenkins Openshift
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
90.9%
Threat
6.0
CVE-2016-2098 HIGH POC PATCH THREAT Act Now

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.4%.

RCE Debian Linux Rails Ruby On Rails
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
87.4%
Threat
5.6
CVE-2016-1531 HIGH POC THREAT Act Now

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 56.8%.

Privilege Escalation Exim
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
56.8%
Threat
4.6
CVE-2016-3947 HIGH PATCH Act Now

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 75.4%.

Denial Of Service Buffer Overflow Squid Ubuntu Linux
NVD
CVSS 3.0
8.2
EPSS
75.4%
CVE-2016-3948 HIGH PATCH Act Now

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.6%.

Denial Of Service Buffer Overflow Squid
NVD
CVSS 3.0
7.5
EPSS
69.6%
CVE-2016-2510 HIGH POC PATCH THREAT Act Now

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 42.9%.

RCE Java Beanshell Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
42.9%
Threat
4.4
CVE-2016-2563 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Denial Of Service RCE Buffer Overflow Kitty Putty
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2016-2851 CRITICAL POC THREAT Emergency

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.1%.

Denial Of Service RCE Buffer Overflow Debian Linux Leap +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
23.1%
Threat
4.2
CVE-2016-0729 CRITICAL POC THREAT Emergency

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Denial Of Service RCE Buffer Overflow Apache X14J Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
23.0%
Threat
4.2
CVE-2016-0788 CRITICAL PATCH Act Now

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.4%.

Jenkins RCE Privilege Escalation Openshift
NVD
CVSS 3.0
9.8
EPSS
37.4%
CVE-2016-3974 CRITICAL POC THREAT Emergency

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service XXE SAP Java Netweaver Application Server Java
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
13.9%
CVE-2016-3975 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2016-2511 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux Websvn
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-0791 CRITICAL PATCH Act Now

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-0888 HIGH This Week

EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Documentum D2
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1714 HIGH This Week

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Openstack Linux +1
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-2216 HIGH PATCH This Week

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Node Js Fedora
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-8319 HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Mate S Firmware P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8318 HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei P8 Firmware Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8681 HIGH This Week

The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 Firmware Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8680 HIGH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 P8 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8307 HIGH PATCH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Huawei Authentication Bypass Mate S Firmware P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2086 HIGH PATCH This Week

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Node Js Fedora
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-1563 MEDIUM This Month

NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-0734 MEDIUM PATCH This Month

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Activemq
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2016-2858 MEDIUM PATCH This Month

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-2789 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0789 MEDIUM PATCH This Month

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jenkins Code Injection Openshift
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-2774 MEDIUM This Month

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Erlang Otp Solaris Opensuse
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-2097 MEDIUM PATCH This Month

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rails Ruby On Rails
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2015-8305 MEDIUM This Month

Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8679 MEDIUM This Month

The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Mate S Firmware P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3973 MEDIUM This Month

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Java Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2016-0790 MEDIUM PATCH This Month

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy