Skip to main content
CVE-2017-6550 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Infor Lawson
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.9%
CVE-2017-5930 LOW POC PATCH THREAT Monitor

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

Authentication Bypass PHP Leap Postfixadmin
NVD GitHub
CVSS 3.1
2.7
EPSS
39.9%
CVE-2014-9938 HIGH POC PATCH This Week

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-6803 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ftp Voyager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6805 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Path Traversal Mobaxterm
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
16.9%
CVE-2017-5618 HIGH POC PATCH This Week

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Screen
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2017-6178 HIGH POC This Week

The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Usbpcap
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6816 HIGH POC PATCH This Week

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Tomcat Apache
NVD Exploit-DB
CVSS 3.0
7.1
EPSS
2.9%
CVE-2014-9847 CRITICAL PATCH Act Now

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Studio Onsite Opensuse Leap Suse Linux Enterprise Debuginfo +6
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2014-9846 CRITICAL PATCH Act Now

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Studio Onsite Leap Opensuse Suse Linux Enterprise Debuginfo +6
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2016-4926 CRITICAL Act Now

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2014-9841 CRITICAL PATCH Act Now

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-8954 CRITICAL Act Now

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Privilege Escalation
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2014-9843 CRITICAL PATCH Act Now

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-6831 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Audiofile Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
2.8%
CVE-2016-4929 HIGH This Week

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Juniper Command Injection Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-7186 HIGH PATCH This Week

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Pcre Pcre2
NVD
CVSS 3.0
7.5
EPSS
7.1%
CVE-2016-4928 HIGH This Week

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Juniper Junos Space
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1145 HIGH PATCH This Week

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-1151 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2015-8983 HIGH PATCH This Week

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Integer Overflow RCE Denial Of Service Buffer Overflow Glibc
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-4927 HIGH This Week

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-6058 HIGH PATCH This Week

Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Qemu
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2012-5361 HIGH This Week

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2014-9850 HIGH PATCH This Week

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9849 HIGH PATCH This Week

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9842 HIGH PATCH This Week

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9848 HIGH PATCH This Week

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2014-9851 HIGH PATCH This Week

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-1134 HIGH PATCH This Week

IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Power Hardware Management Console
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7187 HIGH PATCH This Week

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-5857 HIGH This Week

The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9165 HIGH This Week

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unified Infrastructure Management Unified Infrastructure Management Snap
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-6318 HIGH This Week

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Sane Backends
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-2981 MEDIUM PATCH This Month

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Authentication Bypass Information Disclosure Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-6837 MEDIUM PATCH This Month

WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
6.1%
CVE-2017-6839 MEDIUM PATCH This Month

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
5.8%
CVE-2017-6838 MEDIUM PATCH This Month

Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
5.8%
CVE-2017-6833 MEDIUM PATCH This Month

The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
5.8%
CVE-2016-4931 MEDIUM This Month

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Juniper Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-10214 MEDIUM PATCH This Month

Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6836 MEDIUM PATCH This Month

Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Audiofile Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-6830 MEDIUM PATCH This Month

Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
4.9%
CVE-2017-6829 MEDIUM PATCH This Month

The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
4.6%
CVE-2017-6832 MEDIUM PATCH This Month

Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Audiofile Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
4.5%
CVE-2017-6835 MEDIUM PATCH This Month

The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Audiofile
NVD GitHub
CVSS 3.0
5.5
EPSS
4.5%
CVE-2017-6834 MEDIUM PATCH This Month

Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Audiofile Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
4.3%
CVE-2016-4930 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-8984 MEDIUM PATCH This Month

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Glibc
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2015-8985 MEDIUM PATCH This Month

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Glibc
NVD
CVSS 3.1
5.9
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy