Skip to main content
CVE-2016-8749 CRITICAL POC PATCH THREAT Act Now

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Deserialization Apache RCE Camel
NVD GitHub
CVSS 3.0
9.8
EPSS
12.2%
CVE-2014-6440 CRITICAL POC PATCH Act Now

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Vlc
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2016-10152 CRITICAL PATCH Act Now

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Hesiod
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-9125 CRITICAL PATCH Act Now

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Revive Adserver
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2016-6807 CRITICAL PATCH Act Now

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ambari
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-9124 CRITICAL PATCH Act Now

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Revive Adserver
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-9121 CRITICAL PATCH Act Now

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Jose
NVD GitHub
CVSS 3.0
9.1
EPSS
0.2%
CVE-2016-9470 CRITICAL PATCH Act Now

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
9.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy