Skip to main content
CVE-2012-5357 CRITICAL POC THREAT Emergency

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.6%.

RCE Ektron Content Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
82.6%
Threat
5.9
CVE-2012-5358 CRITICAL POC Act Now

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ektron Content Management System
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-10151 CRITICAL PATCH Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8%.

Information Disclosure Oracle Identity Manager
NVD
CVSS 3.0
10.0
EPSS
13.8%
CVE-2014-0073 CRITICAL PATCH Act Now

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Apache Apple Privilege Escalation Cordova In App Browser Cordova
NVD GitHub
CVSS 3.0
9.8
EPSS
11.4%
CVE-2015-3249 CRITICAL Act Now

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Apache Traffic Server
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2013-4366 CRITICAL PATCH Act Now

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache Information Disclosure Httpclient
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2012-4449 CRITICAL PATCH Act Now

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Hadoop
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2014-3624 CRITICAL PATCH Act Now

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Traffic Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-15597 CRITICAL PATCH Act Now

An issue was discovered in Xen through 4.9.x. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Privilege Escalation Xen
NVD
CVSS 3.0
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy