Skip to main content
CVE-2016-10367 HIGH POC THREAT Act Now

In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Path Traversal Opsview
NVD
CVSS 3.0
7.5
EPSS
50.8%
Threat
4.5
CVE-2017-8454 HIGH PATCH This Week

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-8453 HIGH PATCH This Week

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5481 HIGH PATCH This Week

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7431 HIGH This Week

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Imanager
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-9976 HIGH PATCH This Week

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

RCE IBM Authentication Bypass Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
8.4
EPSS
2.1%
CVE-2017-8455 HIGH PATCH This Week

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-5236 HIGH This Week

Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appspider Pro
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-5240 HIGH This Week

Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Appspider Pro
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-2930 HIGH PATCH This Week

IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Bigfix Remote Control
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6625 HIGH This Week

A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.0
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy