Skip to main content
CVE-2017-5850 HIGH POC PATCH THREAT Act Now

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

Denial Of Service Openbsd
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
49.6%
Threat
4.5
CVE-2017-7183 HIGH POC THREAT Act Now

The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.9%.

Denial Of Service Extraputty
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
34.9%
Threat
4.0
CVE-2016-10225 HIGH POC PATCH Act Now

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux 3 4 Sunxi
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2017-6957 HIGH POC This Week

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Broadcom Cisco RCE Bcm4339 Soc Firmware
NVD
CVSS 3.0
8.1
EPSS
9.7%
CVE-2017-5330 HIGH POC PATCH This Week

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Fedora Ark
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-4912 HIGH POC This Week

The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openslp
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-5899 HIGH POC This Week

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Path Traversal S Nail
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.7%
CVE-2017-6458 HIGH PATCH Act Now

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6%.

Buffer Overflow Ntp Hpux Ntp Mac Os X Simatic Net Cp 443 1 Opc Ua Firmware
NVD
CVSS 3.1
8.8
EPSS
10.6%
CVE-2017-6460 HIGH PATCH This Week

Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Ntp
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2017-1153 HIGH PATCH This Week

IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-8960 HIGH PATCH This Week

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Business Intelligence
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-5931 HIGH PATCH This Week

Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Integer Overflow RCE Denial Of Service Buffer Overflow Qemu
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-6069 HIGH This Week

Subrion CMS 4.0.5 has CSRF in admin/blog/add/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Subrion Cms
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6068 HIGH This Week

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Subrion Cms
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6066 HIGH This Week

Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Subrion Cms
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6002 HIGH This Week

Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Subrion Cms
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-8763 HIGH PATCH This Week

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Information Disclosure Freeradius
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2015-8764 HIGH PATCH This Week

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Freeradius
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2015-8026 HIGH PATCH This Week

Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Exfat
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2015-0864 HIGH This Week

Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Privilege Escalation RCE Galaxy App Samsung Account App
NVD
CVSS 3.0
8.0
EPSS
0.3%
CVE-2015-0863 HIGH This Week

GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Google Privilege Escalation RCE Galaxy App +1
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-5237 HIGH This Week

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ev 07S Gps Tracker Firmware
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-5932 HIGH PATCH This Week

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Bash
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-9243 HIGH PATCH This Week

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cryptography Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2017-6462 HIGH PATCH This Week

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ntp
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6451 HIGH PATCH This Week

The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption RCE Ntp
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6452 HIGH PATCH This Week

Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Ntp
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9252 HIGH This Week

The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-7272 HIGH PATCH This Week

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP
NVD GitHub
CVSS 3.0
7.4
EPSS
1.1%
CVE-2017-5239 HIGH This Week

Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ev 07S Gps Tracker Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-6455 HIGH PATCH This Week

NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. Rated high severity (CVSS 7.0). This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ntp
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy