Skip to main content
CVE-2017-6334 HIGH POC KEV THREAT Act Now

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
89.2%
Threat
7.4
CVE-2017-6416 CRITICAL POC THREAT Emergency

An issue was discovered in SysGauge 1.5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.6%.

Buffer Overflow RCE Sysgauge
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
64.6%
Threat
5.4
CVE-2017-6351 HIGH POC This Week

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Wipg 1500 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
9.0%
CVE-2017-6411 HIGH POC This Week

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2730U Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-5633 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Di 524 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
1.4%
CVE-2016-10244 HIGH POC This Week

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freetype Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-6497 HIGH PATCH This Week

An issue was discovered in ImageMagick 6.9.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-5999 HIGH PATCH This Week

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Syspass
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6503 MEDIUM PATCH This Month

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qbittorrent
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5197 MEDIUM PATCH This Month

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Silverstripe
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6504 MEDIUM PATCH This Month

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qbittorrent
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6498 MEDIUM PATCH This Month

An issue was discovered in ImageMagick 6.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6499 MEDIUM PATCH This Month

An issue was discovered in Magick++ in ImageMagick 6.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6500 MEDIUM PATCH This Month

An issue was discovered in ImageMagick 6.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6502 MEDIUM PATCH This Month

An issue was discovered in ImageMagick 6.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6501 MEDIUM PATCH This Month

An issue was discovered in ImageMagick 6.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy