Skip to main content

CWE-17

DEPRECATED: Code

158 CVEs Avg CVSS 5.8 MITRE
11
CRITICAL
42
HIGH
90
MEDIUM
15
LOW
17
POC
0
KEV

Monthly

CVE-2020-3222 MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Apple Ios Xe
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2016-10075 PyPI HIGH PATCH This Week

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Tqdm
NVD GitHub VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10142 HIGH This Week

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ipv6
NVD VulDB
CVSS 3.0
8.6
EPSS
1.1%
CVE-2016-3721 Maven MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Code Injection Openshift
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2015-5229 HIGH This Week

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-1640 MEDIUM This Month

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2016-2314 MEDIUM POC This Month

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Mt882 Firmware
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2016-1943 MEDIUM This Month

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Leap Opensuse +2
NVD
CVSS 3.0
4.7
EPSS
0.6%
CVE-2016-1940 MEDIUM This Month

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Android Firefox
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-1571 MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver Xen
NVD
CVSS 3.0
6.3
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Apple +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Tqdm
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH This Week

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ipv6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Code Injection Openshift
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 0% CVSS 4.9
MEDIUM POC This Month

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Mt882 Firmware
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy