Skip to main content
CVE-2015-8813 HIGH POC PATCH THREAT Act Now

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.8%.

SSRF Umbraco
NVD GitHub
CVSS 3.0
8.2
EPSS
82.8%
Threat
5.6
CVE-2016-6883 MEDIUM POC PATCH THREAT This Month

MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 70.3%.

Information Disclosure Matrixssl
NVD GitHub
CVSS 3.0
5.9
EPSS
70.3%
Threat
4.8
CVE-2016-7406 CRITICAL PATCH Act Now

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.3%.

RCE Dropbear Ssh
NVD
CVSS 3.0
9.8
EPSS
25.3%
CVE-2016-10204 CRITICAL POC Act Now

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10206 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zoneminder
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-5356 HIGH POC PATCH This Week

Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-10205 HIGH POC This Week

Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Zoneminder
NVD
CVSS 3.0
7.3
EPSS
0.7%
CVE-2017-5830 CRITICAL PATCH Act Now

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Revive Adserver
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2016-10203 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-10202 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-10201 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8815 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10193 CRITICAL PATCH Act Now

The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Espeak Ruby
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-7407 CRITICAL PATCH Act Now

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SSH Dropbear Ssh
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-10194 CRITICAL PATCH Act Now

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Festivaltts4R
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-7408 HIGH PATCH This Week

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Dropbear Ssh
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-10127 CRITICAL PATCH Act Now

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Pysaml2
NVD GitHub
CVSS 3.0
9.0
EPSS
0.5%
CVE-2017-2290 HIGH This Week

On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Mcollective Puppet Agent
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2015-8814 HIGH PATCH This Week

Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Umbraco
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-7969 HIGH PATCH This Week

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Leap Opensuse +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2016-7972 HIGH PATCH This Week

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Fedora Libass
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5613 HIGH This Week

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cgiecho Cgiemail
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-5193 HIGH PATCH This Week

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-5194 HIGH PATCH This Week

Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2016-10065 HIGH PATCH This Week

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Imagemagick Leap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7970 HIGH PATCH This Week

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Fedora Libass
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-5196 HIGH PATCH This Week

Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Irssi
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-5195 HIGH PATCH This Week

Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Irssi
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-5835 HIGH PATCH This Week

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-5836 HIGH PATCH This Week

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8236 HIGH PATCH This Week

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lenovo Thinkserver Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3127 HIGH This Week

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Good Control Server
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-10061 MEDIUM PATCH This Month

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-5867 MEDIUM PATCH This Month

ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Owncloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-6884 MEDIUM This Month

TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Matrixssl
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-5571 MEDIUM This Month

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Citrix Microsoft Flexnet Publisher
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-5614 MEDIUM This Month

Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2017-5833 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Revive Adserver
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5615 MEDIUM This Month

cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cgiecho Cgiemail
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5616 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cgiecho Cgiemail
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6882 MEDIUM PATCH This Month

MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Matrixssl
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-5831 MEDIUM PATCH This Month

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Session Fixation Information Disclosure Revive Adserver
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-10070 MEDIUM PATCH This Month

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2017-5834 MEDIUM PATCH This Month

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libplist
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-10066 MEDIUM PATCH This Month

Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2016-7409 MEDIUM PATCH This Month

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dropbear Ssh
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5832 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Revive Adserver
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-5866 MEDIUM PATCH This Month

The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Owncloud
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-5865 LOW PATCH Monitor

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Owncloud
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2015-2877 LOW Monitor

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy