Skip to main content
CVE-2015-2080 HIGH POC PATCH THREAT Act Now

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.4%.

Information Disclosure Fedora Jetty
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
92.4%
Threat
5.8
CVE-2015-5162 HIGH POC PATCH This Week

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cinder Glance Nova
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2016-3699 HIGH POC PATCH This Week

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Red Hat Privilege Escalation Linux Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 3.0
7.4
EPSS
0.0%
CVE-2016-7040 HIGH This Week

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms Management Engine
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-6273 HIGH This Week

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Microsoft License Server License Server Vpx
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-6323 HIGH This Week

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Glibc Opensuse Fedora
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-1000001 HIGH PATCH This Week

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Open Redirect Flask Oidc
NVD GitHub
CVSS 3.0
7.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy