Skip to main content
CVE-2017-15595 HIGH POC PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Xen
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.5%
CVE-2014-3709 HIGH POC PATCH This Week

The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Keycloak
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-15578 HIGH POC This Week

In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Melody
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7715 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Realtyna Property Listing
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2015-7714 HIGH POC This Week

Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla!. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Realtyna Property Listing
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
3.4%
CVE-2017-15600 HIGH POC This Week

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libextractor
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-15601 HIGH POC This Week

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libextractor
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-15602 HIGH POC This Week

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libextractor
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-5227 HIGH This Week

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Wordpress Landing Pages
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2017-15592 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Information Disclosure Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15594 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15590 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-8022 HIGH This Week

An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Denial Of Service Networker
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2015-2156 HIGH PATCH This Week

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Netty Play Framework
NVD GitHub
CVSS 3.0
7.5
EPSS
3.3%
CVE-2017-15587 HIGH This Week

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mupdf
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15588 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Rated high severity (CVSS 7.8).

RCE Race Condition Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15572 HIGH PATCH This Week

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-15577 HIGH PATCH This Week

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-15576 HIGH PATCH This Week

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2014-3164 HIGH This Week

cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-5164 HIGH This Week

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE Qpid
NVD
CVSS 3.0
7.2
EPSS
1.7%
CVE-2017-15575 HIGH PATCH This Week

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.3
EPSS
0.7%
CVE-2016-5714 HIGH This Week

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Puppet Enterprise Puppet Agent
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy