Skip to main content
CVE-2017-7230 CRITICAL POC THREAT Emergency

A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.6%.

Buffer Overflow RCE Disk Sorter
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
65.6%
Threat
5.4
CVE-2017-6971 HIGH POC THREAT Act Now

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.2%.

RCE PHP Ossim Unified Security Management Nfsen
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
29.2%
Threat
4.1
CVE-2017-6972 CRITICAL POC THREAT Emergency

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Information Disclosure Ossim Unified Security Management Nfsen
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
Threat
4.0
CVE-2017-6970 HIGH POC This Week

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ossim Unified Security Management Nfsen
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
0.5%
CVE-2017-7231 HIGH POC This Week

pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file.c' source file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pngdefry
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-5673 MEDIUM POC This Month

In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kunena
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-3853 CRITICAL Act Now

A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Iox
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-7226 CRITICAL PATCH Act Now

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2017-3851 HIGH This Week

A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Iox
NVD
CVSS 3.0
7.5
EPSS
7.6%
CVE-2017-3858 HIGH This Week

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Code Injection Cisco Ios Xe
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-3864 HIGH This Week

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2017-5874 HIGH This Week

CSRF exists on D-Link DIR-600M Rev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF D-Link Dir 600M Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3852 HIGH This Week

A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2014-9835 HIGH This Week

Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagemagick
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2014-9834 HIGH This Week

Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagemagick
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2014-9833 HIGH This Week

Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagemagick
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2014-9832 HIGH This Week

Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagemagick
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-3857 HIGH This Week

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-3856 HIGH This Week

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2014-9839 HIGH This Week

magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-7227 HIGH PATCH This Week

GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7225 HIGH PATCH This Week

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7223 HIGH PATCH This Week

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-3859 HIGH This Week

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7222 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7224 MEDIUM PATCH This Month

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-9840 MEDIUM This Month

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-9836 MEDIUM This Month

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-9838 MEDIUM This Month

magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy