Skip to main content
CVE-2015-0786 CRITICAL Act Now

Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.7% and no vendor patch available.

Buffer Overflow RCE Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
29.7%
CVE-2015-6816 CRITICAL POC PATCH Act Now

ganglia-web before 3.7.1 allows remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fedora Ganglia Web
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-12774 CRITICAL POC Act Now

finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Finecms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-0781 CRITICAL Act Now

Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2015-1820 CRITICAL PATCH Act Now

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Rest Client
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2015-0780 CRITICAL Act Now

SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2015-0782 CRITICAL Act Now

SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2017-12762 CRITICAL PATCH Act Now

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2015-2311 CRITICAL Act Now

Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Capnproto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2012-2781 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2780 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2778 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2773 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2771 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-6941 CRITICAL PATCH Act Now

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Salt 2015
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-2310 CRITICAL Act Now

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Capnproto
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy