Skip to main content
CVE-2017-6361 CRITICAL POC THREAT Emergency

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.5%.

Qnap Command Injection Qts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
90.5%
Threat
6.2
CVE-2017-6360 CRITICAL POC THREAT Emergency

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.0%.

Qnap Command Injection Qts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.0%
Threat
5.9
CVE-2017-6359 CRITICAL POC THREAT Emergency

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.4%.

Qnap Command Injection Qts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
61.4%
Threat
5.3
CVE-2014-7279 CRITICAL POC THREAT Emergency

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.6%.

Privilege Escalation Konke Smart Plug Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
51.6%
Threat
5.0
CVE-2014-8731 CRITICAL Emergency

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 47.1% and no vendor patch available.

Deserialization PHP Phpmemcachedadmin
NVD
CVSS 3.0
9.8
EPSS
47.1%
CVE-2017-6517 CRITICAL POC THREAT Emergency

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.7%.

RCE Microsoft Skype
NVD
CVSS 3.0
9.8
EPSS
19.7%
Threat
4.1
CVE-2017-5227 HIGH POC THREAT Act Now

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

Qnap Information Disclosure Qts
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
19.5%
CVE-2017-6895 CRITICAL POC Act Now

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Usb Pratirodh
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2017-6191 HIGH POC THREAT Act Now

Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Buffer Overflow RCE Apng Disassembler
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
11.7%
CVE-2015-5729 CRITICAL POC Act Now

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Nt14U Firmware X14J Firmware X14H Firmware +3
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-5538 CRITICAL PATCH Act Now

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-5897 CRITICAL PATCH Act Now

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2016-5757 CRITICAL Act Now

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2015-0855 CRITICAL PATCH Act Now

The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Pitivi
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2015-8626 CRITICAL PATCH Act Now

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-6950 CRITICAL Act Now

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Gui For Windows
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2015-4166 CRITICAL Act Now

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Key Trustee Server
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-5206 CRITICAL PATCH Act Now

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Linux Authentication Bypass Firejail
NVD GitHub
CVSS 3.0
9.0
EPSS
2.4%
CVE-2016-5750 HIGH This Week

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Access Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-7235 HIGH PATCH This Week

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Cloudflare Scrape Cloudflare
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-1597 HIGH This Week

A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Access Governance Suite
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-5758 HIGH This Week

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Access Manager
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-8623 HIGH PATCH This Week

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Mediawiki
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-8624 HIGH PATCH This Week

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Mediawiki
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-10048 HIGH PATCH This Week

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Imagemagick Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
4.9%
CVE-2016-9396 HIGH PATCH This Week

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2016-9398 HIGH PATCH This Week

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora Leap Linux Enterprise Desktop +2
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2016-9399 HIGH PATCH This Week

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora Leap
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2017-7246 HIGH This Week

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pcre
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-10059 HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-10049 HIGH PATCH This Week

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-10054 HIGH PATCH This Week

Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-10057 HIGH PATCH This Week

Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-10055 HIGH PATCH This Week

Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-10051 HIGH PATCH This Week

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-9387 HIGH PATCH This Week

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-8886 HIGH This Week

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jasper
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-9397 HIGH PATCH This Week

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2016-10050 HIGH PATCH This Week

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-10052 HIGH PATCH This Week

Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-7245 HIGH This Week

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pcre
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-10056 HIGH PATCH This Week

Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-9389 HIGH PATCH This Week

The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-1602 HIGH This Week

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Linux Enterprise Desktop Linux Enterprise Server Suse Linux Enterprise Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9775 HIGH This Week

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Ubuntu Debian Privilege Escalation Debian Linux +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-7199 HIGH This Week

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9774 HIGH This Week

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Ubuntu Debian Information Disclosure Debian Linux +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5207 HIGH PATCH This Week

Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9275 HIGH PATCH This Week

Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Libdwarf
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-9391 HIGH PATCH This Week

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy