Skip to main content
CVE-2016-3976 HIGH POC KEV THREAT Act Now

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Path Traversal SAP
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
81.5%
Threat
6.9
CVE-2016-0792 HIGH POC PATCH THREAT Act Now

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

RCE Jenkins Openshift
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
90.9%
Threat
6.0
CVE-2016-2098 HIGH POC PATCH THREAT Act Now

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.4%.

RCE Debian Linux Rails Ruby On Rails
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
87.4%
Threat
5.6
CVE-2016-1531 HIGH POC THREAT Act Now

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 56.8%.

Privilege Escalation Exim
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
56.8%
Threat
4.6
CVE-2016-3947 HIGH PATCH Act Now

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 75.4%.

Denial Of Service Buffer Overflow Squid Ubuntu Linux
NVD
CVSS 3.0
8.2
EPSS
75.4%
CVE-2016-3948 HIGH PATCH Act Now

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.6%.

Denial Of Service Buffer Overflow Squid
NVD
CVSS 3.0
7.5
EPSS
69.6%
CVE-2016-2510 HIGH POC PATCH THREAT Act Now

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 42.9%.

RCE Java Beanshell Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
42.9%
Threat
4.4
CVE-2016-0888 HIGH This Week

EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Documentum D2
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1714 HIGH This Week

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Openstack Linux +1
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-2216 HIGH PATCH This Week

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Node Js Fedora
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-8319 HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Mate S Firmware P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8318 HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei P8 Firmware Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8681 HIGH This Week

The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 Firmware Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8680 HIGH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 P8 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8307 HIGH PATCH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Huawei Authentication Bypass Mate S Firmware P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2086 HIGH PATCH This Week

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Node Js Fedora
NVD
CVSS 3.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy