Skip to main content
CVE-2015-2885 CRITICAL Act Now

Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Peek A View Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-1517 MEDIUM POC PATCH This Month

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7647 HIGH PATCH This Week

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Log Event Manager
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2017-5607 LOW POC Monitor

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Splunk Information Disclosure
NVD Exploit-DB
CVSS 3.0
3.5
EPSS
9.0%
CVE-2015-7274 HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2016-5072 HIGH PATCH This Week

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Oxid Eshop
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2015-2889 HIGH This Week

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Baby Zoom Wifi Monitor Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2015-6028 HIGH This Week

Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Snmpc
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2016-4319 HIGH This Week

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Jira
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-8237 HIGH This Week

Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Privilege Escalation Lenovo Updates
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2016-6534 HIGH This Week

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Network Management Information System
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2017-7648 HIGH This Week

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass C1 C1 Lite C2 Fi9800Xe +8
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2015-7270 HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-8235 HIGH This Week

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Customer Care Software Development Kit
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7260 HIGH PATCH This Week

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Liebert Multilink Automated Shutdown
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-7618 HIGH This Week

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2017-5988 HIGH This Week

NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7619 HIGH PATCH This Week

In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-7265 HIGH This Week

Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proxygen
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7263 HIGH This Week

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proxygen
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-2886 HIGH This Week

iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M6 Baby Monitor Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7825 HIGH This Week

botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Botan
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8378 HIGH This Week

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepassx
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-2960 HIGH This Week

Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vision Critical
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7824 HIGH This Week

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Botan
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6605 HIGH This Week

Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cdh
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6879 HIGH This Week

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-10304 MEDIUM This Month

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Deserialization SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2017-7646 MEDIUM PATCH This Month

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Log Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-6021 MEDIUM This Month

Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Desktop
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6027 MEDIUM This Month

Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Snmpc
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-5682 MEDIUM POC PATCH This Month

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Swagger Ui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-5078 MEDIUM This Month

Paessler PRTG before 16.2.24.4045 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5077 MEDIUM This Month

Netikus EventSentry before 3.2.1.44 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eventsentry
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7275 MEDIUM This Month

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7377 MEDIUM PATCH This Month

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-10310 MEDIUM This Month

Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service SAP Sql Anywhere
NVD
CVSS 3.0
4.9
EPSS
3.5%
CVE-2017-7624 MEDIUM This Month

The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imageworsener
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-7623 MEDIUM This Month

The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Imageworsener
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8276 MEDIUM This Month

LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edoc Libraries Eparakstitajs 3
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8275 MEDIUM This Month

LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edoc Libraries Eparakstitajs 3
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-7616 MEDIUM PATCH This Month

Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5642 MEDIUM This Month

Opmantek NMIS before 8.5.12G has XSS via SNMP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Management Information System
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-2883 MEDIUM This Month

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP In Sight B120 37
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4317 MEDIUM This Month

Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-7345 MEDIUM This Month

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-4318 MEDIUM This Month

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2016-4320 MEDIUM This Month

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Atlassian Bitbucket
NVD
CVSS 3.0
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy