Skip to main content
CVE-2016-2056 HIGH POC PATCH THREAT Act Now

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.3%.

Command Injection Xymon Debian Linux
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
56.3%
Threat
5.0
CVE-2016-2055 HIGH POC PATCH THREAT Act Now

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.0%.

Information Disclosure Xymon Debian Linux
NVD
CVSS 3.0
7.5
EPSS
68.0%
Threat
5.0
CVE-2015-7545 CRITICAL PATCH Act Now

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.7%.

RCE Git Software Collections Ubuntu Linux Opensuse
NVD GitHub
CVSS 3.0
9.8
EPSS
34.7%
CVE-2014-9766 CRITICAL PATCH Act Now

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.1%.

RCE Denial Of Service Pixman Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
14.1%
CVE-2016-3981 HIGH POC PATCH This Week

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Optipng Ubuntu Linux +1
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2015-8080 HIGH POC This Week

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Redis Buffer Overflow Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2015-8620 HIGH POC This Week

Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Avast Free Antivirus Avast Internet Security Avast Premier Avast Pro Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-1547 MEDIUM POC This Month

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Libtiff
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2016-2191 MEDIUM POC PATCH This Month

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Optipng Ubuntu Linux Debian Linux +2
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2016-4009 CRITICAL PATCH Act Now

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Pillow
NVD GitHub
CVSS 3.0
9.8
EPSS
5.3%
CVE-2016-2054 CRITICAL PATCH Act Now

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Debian Linux Xymon
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2015-8807 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fedora Groupware Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-2228 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Debian Linux Groupware Horde Groupware +1
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-4007 CRITICAL PATCH Act Now

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-3630 HIGH PATCH This Week

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fedora Leap Mercurial Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2016-3068 HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Debian Linux Mercurial Fedora Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-7555 MEDIUM POC This Month

Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Giflib Fedora
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-3069 HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mercurial Debian Linux Linux Enterprise Debuginfo Opensuse +10
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2016-3982 HIGH PATCH This Week

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Leap Opensuse +3
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2016-1577 HIGH This Week

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Ubuntu Linux Jasper
NVD
CVSS 3.0
7.6
EPSS
7.7%
CVE-2016-2313 HIGH This Week

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Cacti Leap Opensuse
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2015-8806 HIGH PATCH This Week

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2015-8555 HIGH PATCH This Week

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xenserver Xen
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2016-2515 HIGH PATCH This Week

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Hawk
NVD GitHub
CVSS 3.0
7.5
EPSS
5.3%
CVE-2015-0861 MEDIUM POC PATCH This Month

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Trytond Debian Linux
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-3146 HIGH This Week

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Ubuntu Linux Debian Linux Fedora
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2015-8304 HIGH This Week

Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P7 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1495 HIGH This Week

Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2780 HIGH This Week

Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Huawei Utps Firmware
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2084 HIGH This Week

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Information Disclosure Microsoft Big Iq Security Big Ip Webaccelerator +16
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2015-8843 HIGH PATCH This Week

The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Foxit Reader
NVD
CVSS 3.0
7.4
EPSS
0.0%
CVE-2016-2116 MEDIUM This Month

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Jasper
NVD
CVSS 3.0
5.7
EPSS
7.3%
CVE-2016-2533 MEDIUM PATCH This Month

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Buffer Overflow Pillow Python Imaging +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2015-8784 MEDIUM PATCH This Month

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow Libtiff Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2016-0739 MEDIUM This Month

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Enterprise Linux Ubuntu Linux Libssh +2
NVD
CVSS 3.0
5.9
EPSS
4.3%
CVE-2014-9655 MEDIUM This Month

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Libtiff
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2016-0775 MEDIUM PATCH This Month

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Pillow Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2015-8553 MEDIUM PATCH This Month

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2016-0787 MEDIUM PATCH This Month

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Opensuse Libssh2 Debian Linux
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2016-0740 MEDIUM PATCH This Month

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Pillow Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-8606 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Silverstripe
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8682 MEDIUM This Month

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate S Firmware P8 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-8551 MEDIUM This Month

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Debian Linux Opensuse +5
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-3686 MEDIUM This Month

The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Edge Gateway Big Ip Access Policy Manager
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2015-8665 MEDIUM This Month

tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libtiff
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8683 MEDIUM This Month

The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libtiff Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-1496 MEDIUM This Month

The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2058 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Debian Linux Xymon
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8552 MEDIUM This Month

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Ubuntu Linux Debian Linux Suse Linux Enterprise Debuginfo +1
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2016-0757 MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Image Registry And Delivery Service Glance
NVD
CVSS 3.0
4.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy