Skip to main content
CVE-2016-0710 HIGH POC PATCH THREAT Act Now

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.2%.

SQLi Apache Jetspeed
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
79.2%
Threat
5.6
CVE-2016-0709 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.9%.

Path Traversal RCE Apache Jetspeed
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
70.9%
Threat
5.1
CVE-2015-8399 MEDIUM POC THREAT This Month

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Atlassian Information Disclosure Confluence
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
93.0%
Threat
5.2
CVE-2016-2385 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

Denial Of Service RCE Buffer Overflow Debian Linux Kamailio
NVD Exploit-DB GitHub
CVSS 3.0
9.8
EPSS
25.3%
Threat
4.2
CVE-2015-8604 HIGH POC This Week

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-3659 HIGH POC This Week

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-0784 MEDIUM POC PATCH This Month

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Openmeetings
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
6.1%
CVE-2015-0266 HIGH POC PATCH This Week

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Apache Ranger
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-2171 HIGH PATCH Act Now

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.6%.

Privilege Escalation Apache Jetspeed
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2015-8710 CRITICAL PATCH Act Now

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Libxml2 Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2016-0712 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Jetspeed
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2016-0711 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Jetspeed
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2015-0265 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Ranger
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2015-8398 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Confluence
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-3065 CRITICAL PATCH Act Now

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Privilege Escalation PostgreSQL
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2016-1235 HIGH PATCH This Week

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSH Privilege Escalation Oar Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2015-7330 HIGH This Week

Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-0735 HIGH PATCH This Week

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Apache Ranger
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3675 HIGH This Week

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Huawei Policy Center Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2015-5349 HIGH PATCH This Week

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Apache Ldap Studio Directory Studio
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2016-2393 HIGH PATCH This Week

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Lenovo Fingerprint Manager Touch Fingerprint
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2193 HIGH PATCH This Week

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PostgreSQL
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-2164 HIGH PATCH This Week

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Apache Openmeetings
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2015-8240 HIGH This Week

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +6
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-0783 HIGH PATCH This Week

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Openmeetings
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-8614 HIGH PATCH This Week

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Claws Mail Leap Opensuse
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2012-6699 HIGH This Week

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2012-6698 HIGH This Week

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2012-6700 HIGH This Week

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-5303 HIGH PATCH This Week

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tripleo Heat Templates
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8708 HIGH This Week

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Claws Mail
NVD
CVSS 3.0
7.3
EPSS
1.3%
CVE-2016-3678 HIGH This Week

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300 Firmware S5700 Firmware S7700 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-5329 HIGH This Week

The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openstack
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2016-2163 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Openmeetings
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2016-3676 MEDIUM This Month

Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Huawei E3276S Firmware
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2015-7528 MEDIUM PATCH This Month

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Kubernetes Information Disclosure Openshift
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2014-9759 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mantisbt
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-7502 MEDIUM This Month

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Red Hat Information Disclosure PostgreSQL Cloudforms Management Engine Cloudforms
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2015-5233 MEDIUM PATCH This Month

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.

Privilege Escalation Foreman Satellite
NVD
CVSS 3.0
4.2
EPSS
0.2%
CVE-2015-5313 LOW PATCH Monitor

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows. Rated low severity (CVSS 2.5). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Libvirt
NVD
CVSS 3.0
2.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy