Skip to main content
CVE-2017-7581 CRITICAL POC THREAT Emergency

SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

SQLi PHP News System
NVD
CVSS 3.0
9.8
EPSS
64.5%
Threat
5.4
CVE-2017-0561 CRITICAL POC PATCH THREAT Act Now

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.9%.

Buffer Overflow Broadcom RCE Google Memory Corruption +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.9%
Threat
4.6
CVE-2017-6019 HIGH POC THREAT Act Now

An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.5%.

Denial Of Service Schneider Electric Conext Combox 865 1058 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-7577 CRITICAL POC Act Now

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Uc Httpd
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2016-7786 HIGH POC This Week

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Privilege Escalation Cyberoam Cr25Ing Utm Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-7570 HIGH POC This Week

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pivotx
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-0563 HIGH POC PATCH This Week

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Google Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0569 HIGH POC This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Broadcom Google RCE Linux Kernel
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.7%
CVE-2017-0541 HIGH PATCH This Week

A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD GitHub
CVSS 3.0
7.8
EPSS
4.6%
CVE-2017-0564 HIGH PATCH This Week

An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2017-0554 HIGH This Week

An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-6600 HIGH This Week

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Extensible Operating System Unified Computing System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6597 HIGH This Week

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Firepower Extensible Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-7578 HIGH PATCH This Week

Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libming
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0540 HIGH PATCH This Week

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-7584 HIGH PATCH This Week

Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Foxit Pdf Toolkit
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0543 HIGH PATCH This Week

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0542 HIGH PATCH This Week

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0539 HIGH PATCH This Week

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0538 HIGH PATCH This Week

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-6033 HIGH This Week

A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Interactive Graphical Scada System
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0562 HIGH This Week

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0546 HIGH This Week

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0545 HIGH This Week

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0544 HIGH This Week

An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6601 HIGH This Week

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Extensible Operating System Unified Computing System
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-0553 HIGH This Week

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow RCE Google Android
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0583 HIGH This Week

An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0581 HIGH This Week

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0580 HIGH PATCH This Week

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0579 HIGH This Week

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0577 HIGH PATCH This Week

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0575 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0574 HIGH PATCH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0573 HIGH PATCH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0572 HIGH PATCH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0571 HIGH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0570 HIGH PATCH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0568 HIGH PATCH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0567 HIGH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Broadcom Google RCE Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0454 HIGH This Week

An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0576 HIGH This Week

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow RCE Qualcomm Google Linux Kernel
NVD GitHub
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0462 HIGH This Week

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Qualcomm RCE Race Condition Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0582 HIGH PATCH This Week

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0578 HIGH PATCH This Week

An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0566 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0565 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-9196 MEDIUM This Month

A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Aironet Access Point
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2016-9197 MEDIUM This Month

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Mobility Services Engine
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-6598 MEDIUM This Month

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Privilege Escalation Firepower Extensible Operating System Unified Computing System
NVD
CVSS 3.0
6.7
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy