Skip to main content
CVE-2017-6510 HIGH POC THREAT Act Now

Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%.

Path Traversal Easy File Sharing Ftp Server
NVD
CVSS 3.0
7.5
EPSS
59.8%
Threat
4.8
CVE-2017-6023 CRITICAL Act Now

An issue was discovered in Fatek Automation PLC Ethernet Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Ethernet Module Configuration Tool Cbe Firmware Ethernet Module Configuration Tool Cbeh Firmware +2
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2015-8981 CRITICAL PATCH Act Now

Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Podofo
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-5505 MEDIUM POC This Month

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Jasper
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10187 MEDIUM POC PATCH This Month

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Calibre
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6952 HIGH PATCH This Week

Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Capstone
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6381 HIGH PATCH This Week

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Drupal
NVD
CVSS 3.0
8.1
EPSS
3.3%
CVE-2017-6949 HIGH PATCH This Week

An issue was discovered in CHICKEN Scheme through 4.12.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Chicken
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-5643 HIGH PATCH This Week

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF XXE Apache Camel
NVD
CVSS 3.0
7.4
EPSS
1.4%
CVE-2017-5617 HIGH PATCH This Week

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Debian Linux Svg Salamander
NVD GitHub
CVSS 3.1
7.4
EPSS
1.1%
CVE-2017-6377 HIGH PATCH This Week

When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Drupal
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6379 HIGH PATCH This Week

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Drupal
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-5667 MEDIUM PATCH This Month

The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Denial Of Service Information Disclosure Qemu +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-5857 MEDIUM PATCH This Month

Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-5856 MEDIUM PATCH This Month

Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-0770 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Connections Business Directory Plugin
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-10247 MEDIUM PATCH This Month

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2016-10246 MEDIUM PATCH This Month

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2017-6951 MEDIUM This Month

The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-6061 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS SAP Businessobjects Financial Consolidation
NVD
CVSS 3.0
4.7
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy