Skip to main content
CVE-2015-2080 HIGH POC PATCH THREAT Act Now

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.4%.

Information Disclosure Fedora Jetty
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
92.4%
Threat
5.8
CVE-2015-5162 HIGH POC PATCH This Week

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cinder Glance Nova
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2016-3699 HIGH POC PATCH This Week

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Red Hat Privilege Escalation Linux Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 3.0
7.4
EPSS
0.0%
CVE-2016-7167 CRITICAL Act Now

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Fedora Libcurl
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-1000003 CRITICAL PATCH Act Now

Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Mirror Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-7040 HIGH This Week

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms Management Engine
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-6273 HIGH This Week

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Microsoft License Server License Server Vpx
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-6323 HIGH This Week

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Glibc Opensuse Fedora
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-1000001 HIGH PATCH This Week

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Open Redirect Flask Oidc
NVD GitHub
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-7777 MEDIUM PATCH This Month

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks. Rated medium severity (CVSS 6.3).

Race Condition Information Disclosure Xen
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2016-1000007 MEDIUM PATCH This Month

Pagure 2.2.1 XSS in raw file endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pagure
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-7424 MEDIUM This Month

The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Debian Linux Libav
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-7363 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortimanager Firmware Fortianalyzer Firmware
NVD
CVSS 3.0
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy