Skip to main content
CVE-2016-5018 CRITICAL POC PATCH Act Now

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat Authentication Bypass Apache Oncommand Insight Oncommand Shift +12
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2017-8518 HIGH PATCH Act Now

Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.0%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
24.0%
CVE-2017-12798 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8745 HIGH PATCH Act Now

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.9%.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
10.9%
CVE-2017-1174 HIGH This Week

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Sterling B2b Integrator
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-3156 HIGH PATCH This Week

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Cxf
NVD
CVSS 3.0
7.5
EPSS
6.5%
CVE-2017-1192 HIGH This Week

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Sterling B2b Integrator
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2016-8739 HIGH PATCH This Week

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Cxf
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-12799 HIGH PATCH This Week

The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2014-0145 HIGH PATCH This Week

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Qemu
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-6812 MEDIUM PATCH This Month

The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Cxf
NVD
CVSS 3.0
6.1
EPSS
8.6%
CVE-2017-3751 HIGH PATCH This Week

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Thinkpad Compact Usb Keyboard Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-6817 HIGH PATCH This Week

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Tomcat Denial Of Service Apache
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2016-6797 HIGH PATCH This Week

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Tomcat Authentication Bypass Apache Tekelec Platform Distribution Debian Linux +11
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-3130 HIGH This Week

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-0143 HIGH PATCH This Week

Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in. Rated high severity (CVSS 7.0).

Integer Overflow Denial Of Service Buffer Overflow Enterprise Linux Qemu
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-3753 MEDIUM This Month

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Lenovo Ideacentre 300 20Ish Firmware Ideacentre 300S 11Ish Firmware +109
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-0762 MEDIUM PATCH This Month

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Tomcat Apache Information Disclosure Ubuntu Linux Debian Linux +12
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2014-0146 MEDIUM This Month

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-0142 MEDIUM This Month

QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1168 MEDIUM PATCH This Month

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1431 MEDIUM PATCH This Month

IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Streams
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6794 MEDIUM PATCH This Month

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass Apache Debian Linux Jboss Enterprise Web Server +11
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-7737 MEDIUM This Month

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiweb
NVD
CVSS 3.0
4.9
EPSS
0.4%
CVE-2017-1377 MEDIUM This Month

IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Runbook Automation
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy