Skip to main content
CVE-2016-3081 HIGH POC PATCH THREAT Act Now

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 94.0%.

Command Injection RCE Apache Struts Siebel E Billing
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
94.0%
Threat
5.9
CVE-2016-3074 CRITICAL POC PATCH THREAT Act Now

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.4%.

Denial Of Service RCE Buffer Overflow Libgd Debian Linux +4
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
54.4%
Threat
5.1
CVE-2016-3082 CRITICAL PATCH Act Now

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.6%.

RCE Apache Struts
NVD
CVSS 3.0
9.8
EPSS
24.6%
CVE-2016-4002 CRITICAL PATCH Act Now

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.0%.

Denial Of Service RCE Buffer Overflow Qemu Fedora +2
NVD
CVSS 3.1
9.8
EPSS
12.0%
CVE-2016-1601 CRITICAL Act Now

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yast2
NVD
CVSS 3.0
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy