Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-04-07 CVE-2016-0791 Information Exposure vulnerability in multiple products
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
network
low complexity
redhat jenkins CWE-200
critical
9.8
2016-04-07 CVE-2016-0788 Permissions, Privileges, and Access Controls vulnerability in multiple products
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
network
low complexity
jenkins redhat CWE-264
critical
9.8
2016-04-07 CVE-2016-0729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
network
low complexity
samsung fedoraproject CWE-119
critical
9.8
2016-04-07 CVE-2016-3974 XXE vulnerability in SAP Netweaver Application Server Java
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
network
low complexity
sap CWE-611
critical
9.1
2016-04-07 CVE-2016-1019 Unspecified vulnerability in Adobe products
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
network
low complexity
adobe
critical
9.8
2016-04-06 CVE-2016-1313 Permissions, Privileges, and Access Controls vulnerability in Cisco UCS Invicta C3124Sa Appliance 4.3.1/4.5.0/5.0.1
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.
network
low complexity
cisco CWE-264
critical
9.8
2016-04-06 CVE-2016-1291 Improper Input Validation vulnerability in multiple products
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
network
low complexity
cisco sun CWE-20
critical
9.8
2016-04-06 CVE-2015-7921 Credentials Management vulnerability in Schneider-Electric products
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.
network
low complexity
schneider-electric CWE-255
critical
9.1
2016-04-05 CVE-2016-2000 Data Processing Errors vulnerability in HP products
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
hp CWE-19
critical
9.8
2016-04-05 CVE-2015-8522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.
network
low complexity
ibm CWE-119
critical
9.8