Skip to main content
CVE-2017-7462 CRITICAL POC THREAT Emergency

Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Path Traversal Nfc 30Ir Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.3%
CVE-2015-7893 HIGH POC THREAT Act Now

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Samsung Information Disclosure Galaxy S6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2017-7694 HIGH POC PATCH This Week

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Symphony
NVD GitHub
CVSS 3.0
8.8
EPSS
5.4%
CVE-2017-7695 CRITICAL POC PATCH Act Now

Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Bigtree Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-6088 HIGH POC This Week

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.9%
CVE-2016-4483 HIGH POC PATCH This Week

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Deserialization Denial Of Service Libxml2 Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-4446 HIGH POC PATCH This Week

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4445 HIGH POC PATCH This Week

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4444 HIGH POC PATCH This Week

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-0779 CRITICAL PATCH Act Now

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache RCE Tomee
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2017-5873 MEDIUM POC This Month

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Secure Partitioning
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-5672 MEDIUM POC This Month

Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Mobile Management
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-7461 MEDIUM POC This Month

Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nfc 30Ir Firmware
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
7.8%
CVE-2017-7689 CRITICAL Act Now

A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Command Injection Homelynk Controller Lss100100 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2016-1908 CRITICAL PATCH Act Now

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

SSH Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-7621 MEDIUM POC This Month

Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Emli
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7691 CRITICAL Act Now

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection SAP Trex
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2013-6647 CRITICAL Act Now

A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Use After Free Information Disclosure Chrome
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-4468 HIGH PATCH This Week

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Elastic Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2016-6811 HIGH PATCH This Week

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Privilege Escalation Hadoop
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-8666 HIGH PATCH This Week

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2015-8504 MEDIUM PATCH This Month

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2016-4989 HIGH PATCH This Week

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by. Rated high severity (CVSS 7.0). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Setroubleshoot Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-8354 MEDIUM This Month

The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2014-9837 MEDIUM PATCH This Month

coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-8613 MEDIUM PATCH This Month

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2015-8568 MEDIUM PATCH This Month

Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2014-8716 MEDIUM This Month

The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-10259 MEDIUM This Month

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ssl Visibility Appliance Sv1800 Firmware Ssl Visibility Appliance Sv800 Firmware Ssl Visibility Appliance Sv3800 Firmware Ssl Visibility Appliance Sv2800 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-7467 MEDIUM This Month

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2014-8355 MEDIUM This Month

PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-7697 MEDIUM PATCH This Month

In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libsamplerate Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-8562 MEDIUM This Month

DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-5322 MEDIUM This Month

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-5969 MEDIUM This Month

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Libxml2
NVD
CVSS 3.0
4.7
EPSS
3.5%
CVE-2016-5011 MEDIUM PATCH This Month

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Util Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server +5
NVD
CVSS 3.1
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy