Latest CVE Feed
-
9.8
CRITICALCVE-2016-2177
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging un... Read more
- EPSS Score: %47.95
- Published: Jun. 20, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-2008
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more
Affected Products : data_protector- EPSS Score: %20.72
- Published: Apr. 21, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding priv... Read more
- EPSS Score: %4.36
- Published: Apr. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-1901
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.... Read more
- EPSS Score: %4.36
- Published: Jan. 20, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-10134
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.... Read more
Affected Products : zabbix- EPSS Score: %88.00
- Published: Feb. 17, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers... Read more
- EPSS Score: %6.77
- Published: Apr. 19, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-5740
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.... Read more
- EPSS Score: %6.04
- Published: Oct. 18, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflo... Read more
- EPSS Score: %6.68
- Published: May. 16, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.... Read more
- EPSS Score: %52.46
- Published: Aug. 13, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipu... Read more
Affected Products : business_intelligence weblogic_server identity_manager_connector snapmanager mysql_enterprise_monitor hyperion_data_relationship_management tuxedo business_process_management_suite communications_instant_messaging_server communications_offline_mediation_controller +18 more products- EPSS Score: %14.14
- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-9843
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.... Read more
- EPSS Score: %1.09
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-4966
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinj... Read more
Affected Products : ansible- EPSS Score: %4.75
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-3622
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.... Read more
Affected Products : php- EPSS Score: %2.34
- Published: Feb. 19, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-3600
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.... Read more
Affected Products : activemq- EPSS Score: %0.53
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct requ... Read more
Affected Products : manageengine_desktop_central- EPSS Score: %66.78
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-5017
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more
Affected Products : web_gateway- EPSS Score: %24.96
- Published: Jun. 18, 2014
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2012-1710
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerab... Read more
Affected Products : fusion_middleware- Actively Exploited
- EPSS Score: %74.57
- Published: May. 03, 2012
- Modified: Apr. 11, 2025
-
9.8
CRITICALCVE-2011-3145
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.... Read more
Affected Products : mount.ecrpytfs_private- EPSS Score: %0.23
- Published: Apr. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2008-3465
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF fil... Read more
Affected Products : windows_server_2008 windows_2000 windows_2003_server windows_server_2003 windows_vista windows_xp- EPSS Score: %41.36
- Published: Dec. 10, 2008
- Modified: Apr. 09, 2025
-
9.8
CRITICALCVE-2008-2374
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified ... Read more
- EPSS Score: %6.04
- Published: Jul. 07, 2008
- Modified: Apr. 09, 2025