Skip to main content
CVE-2014-9938 HIGH POC PATCH This Week

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-6803 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ftp Voyager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-5618 HIGH POC PATCH This Week

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Screen
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2017-6178 HIGH POC This Week

The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Usbpcap
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6816 HIGH POC PATCH This Week

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Tomcat Apache
NVD Exploit-DB
CVSS 3.0
7.1
EPSS
2.9%
CVE-2016-4929 HIGH This Week

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Juniper Command Injection Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-7186 HIGH PATCH This Week

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Pcre Pcre2
NVD
CVSS 3.0
7.5
EPSS
7.1%
CVE-2016-4928 HIGH This Week

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Juniper Junos Space
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1145 HIGH PATCH This Week

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-1151 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2015-8983 HIGH PATCH This Week

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Integer Overflow RCE Denial Of Service Buffer Overflow Glibc
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-4927 HIGH This Week

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-6058 HIGH PATCH This Week

Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Qemu
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2012-5361 HIGH This Week

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2014-9850 HIGH PATCH This Week

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9849 HIGH PATCH This Week

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9842 HIGH PATCH This Week

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9848 HIGH PATCH This Week

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2014-9851 HIGH PATCH This Week

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-1134 HIGH PATCH This Week

IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Power Hardware Management Console
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7187 HIGH PATCH This Week

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-5857 HIGH This Week

The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9165 HIGH This Week

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unified Infrastructure Management Unified Infrastructure Management Snap
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-6318 HIGH This Week

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Sane Backends
NVD
CVSS 3.0
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy