Skip to main content
CVE-2016-6254 CRITICAL PATCH Act Now

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service RCE Buffer Overflow Debian Linux Collectd +1
NVD GitHub
CVSS 3.0
9.1
EPSS
13.1%
CVE-2015-8949 CRITICAL PATCH Act Now

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Dbd Mysql Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2014-9906 CRITICAL PATCH Act Now

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption RCE Use After Free Debian Linux +1
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-6493 CRITICAL Act Now

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenapp Xendesktop
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-0760 HIGH This Week

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Authentication Bypass Sentry
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-4475 HIGH PATCH This Week

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5736 HIGH This Week

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Application Acceleration Manager Big Ip Webaccelerator Big Ip Analytics Big Ip Domain Name System +11
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2015-8022 HIGH This Week

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Big Ip Global Traffic Manager Big Ip Local Traffic Manager Big Ip Webaccelerator Big Ip Policy Enforcement Manager +10
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-3089 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Openmeetings
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-6319 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Foreman
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-3195 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortimanager Firmware Fortianalyzer Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3194 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortimanager Firmware Fortianalyzer Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6320 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Foreman
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3193 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortimanager Firmware Fortianalyzer Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4995 MEDIUM PATCH This Month

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Foreman
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-5390 MEDIUM PATCH This Month

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Foreman
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-4451 MEDIUM PATCH This Month

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Authentication Bypass Foreman
NVD
CVSS 3.0
5.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy