Skip to main content
CVE-2016-4014 HIGH POC This Week

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SAP Java Netweaver
NVD
CVSS 3.0
8.6
EPSS
6.9%
CVE-2015-8540 HIGH PATCH Act Now

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5%.

Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Enterprise Linux Server Supplementary Enterprise Linux Workstation Supplementary +3
NVD VulDB
CVSS 3.0
8.8
EPSS
13.5%
CVE-2015-5343 HIGH Act Now

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Apache Subversion +1
NVD
CVSS 3.0
7.6
EPSS
19.1%
CVE-2015-8550 HIGH Act Now

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service Authentication Bypass Xen Suse Linux Enterprise Real Time Extension
NVD
CVSS 3.0
8.2
EPSS
16.0%
CVE-2016-4016 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Java As
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-1352 CRITICAL Act Now

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cisco Unified Computing System Central Software
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-8560 HIGH Act Now

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Cups Filters Foomatic Filters
NVD
CVSS 3.0
7.3
EPSS
10.8%
CVE-2015-7999 HIGH This Week

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SQLi Command Center
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-4015 HIGH This Week

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Netweaver
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2016-4017 HIGH This Week

The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Hana
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-8676 HIGH This Week

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei S2350Ei Firmware S5300Ei Firmware +9
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8554 HIGH This Week

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Xen
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-4018 HIGH This Week

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Hana
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2015-5247 MEDIUM This Month

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Libvirt Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2015-8677 MEDIUM This Month

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300Ei Firmware S5300Si Firmware S5310Hi Firmware +10
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3079 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Satellite Spacewalk Java
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-2103 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Satellite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-0284 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Java Satellite Spacewalk Java
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-1378 MEDIUM This Month

Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-8336 MEDIUM This Month

Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Fusioncompute
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy