Skip to main content
CVE-2016-0710 HIGH POC PATCH THREAT Act Now

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.2%.

SQLi Apache Jetspeed
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
79.2%
Threat
5.6
CVE-2016-0709 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.9%.

Path Traversal RCE Apache Jetspeed
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
70.9%
Threat
5.1
CVE-2015-8604 HIGH POC This Week

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-3659 HIGH POC This Week

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-0266 HIGH POC PATCH This Week

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Apache Ranger
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-2171 HIGH PATCH Act Now

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.6%.

Privilege Escalation Apache Jetspeed
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2016-1235 HIGH PATCH This Week

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSH Privilege Escalation Oar Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2015-7330 HIGH This Week

Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-0735 HIGH PATCH This Week

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Apache Ranger
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3675 HIGH This Week

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Huawei Policy Center Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2015-5349 HIGH PATCH This Week

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Apache Ldap Studio Directory Studio
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2016-2393 HIGH PATCH This Week

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Lenovo Fingerprint Manager Touch Fingerprint
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2193 HIGH PATCH This Week

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PostgreSQL
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-2164 HIGH PATCH This Week

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Apache Openmeetings
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2015-8240 HIGH This Week

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +6
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-0783 HIGH PATCH This Week

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Openmeetings
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-8614 HIGH PATCH This Week

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Claws Mail Leap Opensuse
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2012-6699 HIGH This Week

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2012-6698 HIGH This Week

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2012-6700 HIGH This Week

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-5303 HIGH PATCH This Week

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tripleo Heat Templates
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8708 HIGH This Week

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Claws Mail
NVD
CVSS 3.0
7.3
EPSS
1.3%
CVE-2016-3678 HIGH This Week

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300 Firmware S5700 Firmware S7700 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-5329 HIGH This Week

The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openstack
NVD
CVSS 3.0
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy