Skip to main content
CVE-2017-5689 CRITICAL POC KEV PATCH THREAT Act Now

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation Intel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2015-8257 HIGH POC THREAT Act Now

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.4%.

Command Injection Network Camera Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
17.4%
CVE-2016-10243 CRITICAL POC PATCH THREAT Act Now

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Information Disclosure Debian Linux Fedora Tex Live
NVD
CVSS 3.0
9.8
EPSS
10.6%
CVE-2017-7476 CRITICAL POC PATCH Act Now

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnulib
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-5810 MEDIUM POC THREAT This Month

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.4%.

Information Disclosure Webaccess
NVD
CVSS 3.0
4.9
EPSS
25.4%
CVE-2016-5063 MEDIUM POC THREAT This Month

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Microsoft Authentication Bypass Server Automation
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
16.9%
CVE-2017-8419 HIGH POC This Week

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lame
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-7483 HIGH POC This Week

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Rxvt Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2017-6551 CRITICAL Act Now

Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Pexip Infinity
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-5006 CRITICAL Act Now

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Cloud Foundry Elastic Runtime
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-0331 HIGH PATCH This Week

An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Nvidia Google Android Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9004 HIGH PATCH This Week

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Privilege Escalation Linux Kernel Android
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-8418 LOW POC PATCH Monitor

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Rubocop
NVD GitHub
CVSS 3.0
3.3
EPSS
0.1%
CVE-2014-9940 HIGH PATCH This Week

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-7440 MEDIUM PATCH This Month

Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microsoft Kerio Connect Kerio Connect Client
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-7216 MEDIUM This Month

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-8086 MEDIUM PATCH This Month

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-8112 MEDIUM PATCH This Month

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-4467 MEDIUM This Month

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Apache Information Disclosure Qpid Proton
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-8421 MEDIUM PATCH This Month

The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4442 MEDIUM PATCH This Month

The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rack Mini Profiler
NVD GitHub
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy