Skip to main content
CVE-2016-4437 CRITICAL POC KEV PATCH THREAT Act Now

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2016-3087 CRITICAL POC PATCH THREAT Act Now

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an !. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

RCE Apache Struts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
87.0%
Threat
6.1
CVE-2015-7611 HIGH POC PATCH THREAT Act Now

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.9%.

Command Injection Apache James Server
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
74.9%
Threat
5.4
CVE-2016-2335 HIGH POC This Week

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Opensuse Debian Linux +1
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2015-7695 CRITICAL PATCH Act Now

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Zend Framework Debian Linux
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2014-9746 CRITICAL Act Now

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freetype Debian Linux
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-3072 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Katello Satellite
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-4450 HIGH This Week

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Denial Of Service Null Pointer Dereference Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2015-5260 HIGH This Week

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +7
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-5228 HIGH This Week

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Opensuse Checkpoint Restore In Userspace
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-5723 HIGH PATCH This Week

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

PHP Privilege Escalation Zend Cache Debian Linux Object Relational Mapper +7
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-4545 HIGH This Week

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Local Traffic Manager Big Ip Analytics +5
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2014-9747 HIGH This Week

The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freetype Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2015-5261 HIGH This Week

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +5
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-4962 MEDIUM This Month

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Vm Server Xen
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2014-8177 MEDIUM This Month

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Gluster Storage Management Console Gluster Storage Server Storage Native Client
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-3093 MEDIUM PATCH This Month

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Ognl Struts
NVD
CVSS 3.0
5.3
EPSS
5.1%
CVE-2013-7440 MEDIUM This Month

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-5242 MEDIUM This Month

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS. Rated medium severity (CVSS 5.6). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
5.6
EPSS
0.1%
CVE-2015-5231 MEDIUM This Month

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkpoint Restore In Userspace Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4963 MEDIUM This Month

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
4.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy