Skip to main content
CVE-2017-0003 HIGH POC THREAT Act Now

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.6%.

RCE Buffer Overflow Microsoft Sharepoint Enterprise Server Word
NVD GitHub
CVSS 3.0
7.8
EPSS
33.6%
Threat
4.1
CVE-2017-0004 HIGH Act Now

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.5% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 3.0
7.5
EPSS
53.5%
CVE-2015-4594 CRITICAL POC THREAT Emergency

eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Authentication Bypass Population Health
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-0002 HIGH POC THREAT Act Now

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.7%.

Authentication Bypass Microsoft Edge
NVD GitHub
CVSS 3.0
8.8
EPSS
14.7%
CVE-2015-4592 HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Population Health
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-4593 HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Population Health
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4591 MEDIUM POC This Month

eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Population Health
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2016-10126 CRITICAL Act Now

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Splunk
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-6830 CRITICAL PATCH Act Now

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Chicken
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-6287 HIGH This Week

The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Http Client
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6286 HIGH This Week

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Http Client
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6831 HIGH PATCH This Week

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Chicken
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6580 HIGH PATCH This Week

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Python Priority Library
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6581 HIGH PATCH This Week

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Hpack Hyper
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-6837 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-9247 MEDIUM This Month

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD
CVSS 3.0
5.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy