Skip to main content
CVE-2017-6398 HIGH POC THREAT Act Now

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.6%.

Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
64.6%
Threat
5.2
CVE-2017-6367 HIGH POC THREAT Act Now

In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.8%.

Denial Of Service Microsoft Ftp Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
39.8%
Threat
4.2
CVE-2017-6516 MEDIUM POC THREAT This Month

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 21.4%.

Linux Privilege Escalation Sysinfo
NVD Exploit-DB
CVSS 3.0
6.7
EPSS
21.4%
CVE-2013-4659 CRITICAL POC THREAT Emergency

Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

Buffer Overflow Broadcom RCE Rt Ac66U Firmware Tew 812Dru Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.5%
CVE-2016-8023 HIGH POC THREAT Act Now

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 11.3%.

Intel Authentication Bypass Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
11.3%
CVE-2016-8024 HIGH POC This Week

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Intel Information Disclosure Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
9.2%
CVE-2017-6896 HIGH POC This Week

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dg Hr1400 Router Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2016-8022 HIGH POC This Week

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service RCE Intel Authentication Bypass Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.6%
CVE-2016-8020 HIGH POC This Week

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Intel Code Injection Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
2.9%
CVE-2016-8027 CRITICAL Act Now

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Intel SQLi Epolicy Orchestrator
NVD
CVSS 3.0
10.0
EPSS
12.6%
CVE-2016-8017 MEDIUM POC THREAT This Month

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

Intel Code Injection Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
4.1
EPSS
14.3%
CVE-2016-8025 MEDIUM POC This Month

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Intel SQLi Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
6.2
EPSS
1.8%
CVE-2016-8019 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Intel Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-5668 CRITICAL PATCH Act Now

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service RCE Bitlbee Bitlbee Libpurple
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-10188 CRITICAL PATCH Act Now

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free RCE Bitlbee
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2014-9921 CRITICAL Act Now

Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Information Disclosure Cloud Analysis And Deconstructive Services
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-2997 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2016-10169 MEDIUM POC PATCH This Month

The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-10172 MEDIUM POC PATCH This Month

The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10171 MEDIUM POC PATCH This Month

The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10170 MEDIUM POC PATCH This Month

The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-8021 MEDIUM POC This Month

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Intel Jwt Attack Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
5.0
EPSS
2.8%
CVE-2017-2999 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2017-2998 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2016-8016 LOW POC Monitor

Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Intel Information Disclosure Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
3.4
EPSS
9.8%
CVE-2017-3002 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-3001 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-3003 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2015-8988 HIGH PATCH This Week

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Intel Command Injection Epo Deep Command
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-8989 HIGH This Week

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Vulnerability Manager
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-8008 HIGH This Week

Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Security Scan Plus
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-3000 MEDIUM PATCH This Month

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.1%.

Adobe Information Disclosure Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
6.5
EPSS
11.1%
CVE-2016-8018 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Intel CSRF Virusscan Enterprise
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
0.4%
CVE-2017-2983 HIGH This Week

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Shockwave Player
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2016-10189 HIGH PATCH This Week

BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service RCE Bitlbee Bitlbee Libpurple
NVD GitHub
CVSS 3.0
7.5
EPSS
3.2%
CVE-2016-8747 HIGH PATCH This Week

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Tomcat Java
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2013-7462 HIGH This Week

A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Intel Saas Control Console Platform
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2017-6903 HIGH PATCH This Week

In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ioquake3
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8026 HIGH This Week

Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Security Scan Plus
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8009 HIGH This Week

Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Privilege Escalation Application Control
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8010 HIGH This Week

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Application Control Endpoint Security
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8012 HIGH This Week

Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Data Loss Prevention Endpoint
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10252 HIGH PATCH This Week

Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2014-8688 HIGH This Week

An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Messenger
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-8990 HIGH This Week

Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Authentication Bypass Advanced Threat Defense
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9368 HIGH This Week

An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcomfort Ethernet Communication Interface
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-6874 HIGH PATCH This Week

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2015-8993 HIGH This Week

Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Privilege Escalation Security Webadvisor Cloud Av Security Scan Plus
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-8992 HIGH This Week

Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Privilege Escalation Security Webadvisor Cloud Av Security Scan Plus
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-8991 HIGH This Week

Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Privilege Escalation Security Webadvisor Cloud Av Security Scan Plus
NVD
CVSS 3.0
7.0
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy