Skip to main content
CVE-2016-2324 CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
22.1%
CVE-2016-2315 CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2016-2381 HIGH Act Now

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.4% and no vendor patch available.

Authentication Bypass Perl Debian Linux Communications Billing And Revenue Management Configuration Manager +6
NVD
CVSS 3.1
7.5
EPSS
27.4%
CVE-2015-6541 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zimbra Collaboration Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-3978 MEDIUM POC This Month

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.0
6.1
EPSS
5.4%
CVE-2016-3963 MEDIUM POC This Month

Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Siemens Scalance S613
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
6.5%
CVE-2016-3154 CRITICAL PATCH Act Now

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Spip
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-3153 CRITICAL PATCH Act Now

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Debian Linux Spip
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-3984 MEDIUM POC This Month

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Active Response Agent Data Exchange Layer +4
NVD Exploit-DB
CVSS 3.0
5.1
EPSS
0.3%
CVE-2015-8840 HIGH This Week

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2016-3979 HIGH This Week

Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Buffer Overflow Java As
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2016-3980 HIGH This Week

The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Application Server Java
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2015-5229 HIGH This Week

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-2512 HIGH PATCH This Week

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2016-3983 HIGH This Week

McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Threat Defense
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3188 HIGH PATCH This Week

The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Prepopulate
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-3187 HIGH PATCH This Week

The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Prepopulate
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2015-5969 MEDIUM This Month

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse Linux Enterprise Desktop Linux Enterprise Server +2
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-1180 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Button Premium
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-1375 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Ip Interoperability And Collaboration System
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-2513 LOW PATCH Monitor

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Django
NVD GitHub
CVSS 3.0
3.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy