Skip to main content
CVE-2017-7240 HIGH POC THREAT Act Now

An issue was discovered on Miele Professional PST10 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.7%.

Path Traversal Pst10 Webserver
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
32.7%
Threat
4.0
CVE-2017-6087 HIGH POC PATCH This Week

EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Command Injection Eonweb
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
5.8%
CVE-2017-5869 HIGH POC This Week

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nuxeo
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.6%
CVE-2016-10269 HIGH POC PATCH This Week

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-5507 HIGH PATCH Act Now

Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
11.4%
CVE-2017-6369 HIGH This Week

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Firebird
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2017-5199 HIGH This Week

The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Log And Event Manager
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2017-5198 HIGH This Week

SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Log And Event Manager
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-10129 HIGH PATCH This Week

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2
NVD GitHub
CVSS 3.0
7.5
EPSS
4.8%
CVE-2017-5335 HIGH PATCH This Week

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Leap Gnutls
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2016-7797 HIGH PATCH This Week

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pacemaker Leap Linux Enterprise High Availability Linux Enterprise Software Development Kit +2
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2016-10270 HIGH PATCH This Week

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-10272 HIGH PATCH This Week

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-10271 HIGH PATCH This Week

tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-5506 HIGH PATCH This Week

Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-5509 HIGH PATCH This Week

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5510 HIGH PATCH This Week

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-10268 HIGH PATCH This Week

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-10146 HIGH PATCH This Week

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2016-10149 HIGH PATCH This Week

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Pysaml2 Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-2224 HIGH PATCH This Week

The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Uclibc Ng
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-2225 HIGH PATCH This Week

The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Uclibc Ng
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-7243 HIGH This Week

Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tinydtls
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-10132 HIGH PATCH This Week

regexp.c in Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Mujs Fedora
NVD
CVSS 3.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy