Skip to main content
CVE-2017-5570 HIGH This Week

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Patient Portal
NVD GitHub VulDB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-5237 MEDIUM POC This Month

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Steamos
NVD Exploit-DB VulDB
CVSS 3.0
4.8
EPSS
0.1%
CVE-2016-9383 HIGH PATCH This Week

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service RCE Xen Xenserver
NVD VulDB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-5091 HIGH PATCH This Week

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Typo3
NVD VulDB
CVSS 3.0
8.1
EPSS
2.4%
CVE-2016-7102 HIGH This Week

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Owncloud Desktop Client
NVD VulDB
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-5554 HIGH This Week

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Oxygenos
NVD VulDB
CVSS 3.0
8.1
EPSS
1.6%
CVE-2017-5371 HIGH This Week

Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD VulDB
CVSS 3.0
7.5
EPSS
4.0%
CVE-2017-5556 HIGH This Week

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Foxit Reader +1
NVD VulDB
CVSS 3.0
8.1
EPSS
0.8%
CVE-2016-10101 HIGH This Week

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Information Disclosure Automize
NVD VulDB
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-10103 HIGH This Week

Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Information Disclosure Automize
NVD VulDB
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-10102 HIGH This Week

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Automize
NVD VulDB
CVSS 3.0
8.1
EPSS
0.1%
CVE-2016-5720 HIGH This Week

Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Skype
NVD VulDB
CVSS 3.0
7.8
EPSS
1.0%
CVE-2016-9445 HIGH This Week

An integer overflow vulnerability exists in the vmnc decoder component of GStreamer that allows remote attackers to trigger a buffer overflow and crash the application. GStreamer version 1.10.0 is confirmed affected, with exploitation requiring no authentication or user interaction over the network. A public proof-of-concept exploit exists (published on Scary Beasts Security blog), and EPSS indicates a 2.41% probability of exploitation in the wild (85th percentile), making this a moderate real-world risk.

Denial Of Service Buffer Overflow Integer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
2.4%
CVE-2015-8971 HIGH PATCH This Week

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Debian Linux Terminology
NVD VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2016-9379 HIGH PATCH This Week

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity.

Information Disclosure Xen Xenserver
NVD VulDB
CVSS 3.0
7.9
EPSS
0.1%
CVE-2016-9447 HIGH This Week

A vulnerability in the ROM mappings of the NSF decoder in GStreamer 0.10.x allows remote attackers to trigger out-of-bounds memory access through crafted NSF music files, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all GStreamer 0.10.x versions and requires user interaction to open a malicious NSF file. With an EPSS score of 0.48% (65th percentile) and proof-of-concept exploit code publicly available, this represents a moderate real-world risk for systems processing untrusted media files.

RCE Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-6920 HIGH This Week

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ffmpeg
NVD VulDB
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-9382 HIGH PATCH This Week

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Xenserver
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9386 HIGH PATCH This Week

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Xenserver Xen
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6668 HIGH This Week

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Confluence Server Jira Integration For Hipchat
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-9446 HIGH This Week

The GStreamer multimedia framework contains an uninitialized memory vulnerability in its VMNC (VMware VNC) decoder that allows remote attackers to read sensitive information from process memory. When processing specially crafted VMNC video files (such as a single-frame movie that doesn't draw to the canvas), the decoder exposes uninitialized memory contents that may contain passwords, cryptographic keys, or other sensitive data from the application's memory space. A proof-of-concept exploit exists and has been publicly disclosed, with an EPSS score of 1.28% indicating moderate real-world exploitation likelihood.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2015-8855 HIGH PATCH This Week

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS).". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Node Js
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-5182 HIGH This Week

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Open Enterprise Server
NVD VulDB
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-8854 HIGH PATCH This Week

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Marked Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2017-5372 HIGH This Week

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver
NVD VulDB
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6160 HIGH PATCH This Week

tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tcpreplay
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-5697 HIGH PATCH This Week

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruby Saml
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-8860 HIGH PATCH This Week

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-7037 HIGH PATCH This Week

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Jwt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-9381 HIGH This Week

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Race Condition Information Disclosure Qemu Xenserver
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2016-9380 HIGH PATCH This Week

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in. Rated high severity (CVSS 7.5).

Information Disclosure Xen Xenserver
NVD VulDB
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-9870 MEDIUM This Month

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

LDAP Code Injection Isilon Onefs
NVD VulDB
CVSS 3.0
6.7
EPSS
0.1%
CVE-2015-8861 MEDIUM POC PATCH This Month

The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Handlebars Js
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2013-7452 MEDIUM PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.6%
CVE-2013-7451 MEDIUM PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.6%
CVE-2013-7454 MEDIUM POC PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Node Js
NVD VulDB GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2013-7453 MEDIUM PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6484 MEDIUM This Month

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Netmri
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8856 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Serve Index
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2016-8213 MEDIUM This Month

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Documentum Administrator Documentum Capital Projects Documentum Taskspace Documentum Webtop
NVD VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9385 MEDIUM PATCH This Month

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Canonical Xen Xenserver
NVD VulDB
CVSS 3.0
6.0
EPSS
0.1%
CVE-2016-5876 MEDIUM PATCH This Month

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Owncloud
NVD VulDB
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-10104 MEDIUM This Month

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Automize
NVD VulDB
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5544 MEDIUM This Month

An issue was discovered on FiberHome Fengine S5800 switches V210R240. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Fengine S5800 Firmware
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2016-9401 MEDIUM This Month

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Authentication Bypass Use After Free Bash Debian Linux +6
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-5553 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP B2Evolution
NVD GitHub VulDB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8859 MEDIUM PATCH This Month

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Send
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy