Skip to main content
CVE-2017-5645 CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE Log4J Oncommand Api Services +77
NVD
CVSS 3.1
9.8
EPSS
94.0%
Threat
6.3
CVE-2017-5648 CRITICAL PATCH Act Now

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.8%.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
9.1
EPSS
21.8%
CVE-2015-8256 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Network Camera Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.9%
CVE-2016-6727 CRITICAL PATCH Act Now

The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2017-5651 CRITICAL PATCH Act Now

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-5650 HIGH PATCH Act Now

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.7%.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
12.7%
CVE-2016-6726 CRITICAL PATCH Act Now

Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-7551 HIGH PATCH This Week

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.0
7.5
EPSS
6.6%
CVE-2017-5647 HIGH PATCH This Week

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2017-5659 HIGH PATCH This Week

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-5396 HIGH PATCH This Week

Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-7889 HIGH PATCH This Week

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Authentication Bypass Linux Kernel Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-3036 HIGH PATCH This Week

IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service IBM Cognos Business Intelligence
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-7892 HIGH This Week

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Capnproto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-1161 HIGH This Week

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2017-7885 HIGH This Week

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Jbig2Dec
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2016-4871 MEDIUM This Month

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2016-4869 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2017-7891 MEDIUM PATCH This Month

sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Sourcebans Pp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3037 MEDIUM PATCH This Month

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cognos Business Intelligence
NVD
CVSS 3.0
5.7
EPSS
0.3%
CVE-2016-4870 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1160 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3038 MEDIUM PATCH This Month

IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Business Intelligence
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0228 MEDIUM PATCH This Month

IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Marketing Platform
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-4866 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
4.8
EPSS
0.4%
CVE-2016-4865 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
4.8
EPSS
0.4%
CVE-2016-4868 MEDIUM This Month

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Code Injection Office
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2016-4873 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-4872 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-4867 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-4874 LOW Monitor

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy