Skip to main content
CVE-2015-7893 HIGH POC THREAT Act Now

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Samsung Information Disclosure Galaxy S6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2017-7694 HIGH POC PATCH This Week

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Symphony
NVD GitHub
CVSS 3.0
8.8
EPSS
5.4%
CVE-2017-6088 HIGH POC This Week

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.9%
CVE-2016-4483 HIGH POC PATCH This Week

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Deserialization Denial Of Service Libxml2 Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-4446 HIGH POC PATCH This Week

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4445 HIGH POC PATCH This Week

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4444 HIGH POC PATCH This Week

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4468 HIGH PATCH This Week

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Elastic Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2016-6811 HIGH PATCH This Week

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Privilege Escalation Hadoop
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-8666 HIGH PATCH This Week

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2016-4989 HIGH PATCH This Week

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by. Rated high severity (CVSS 7.0). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy