Skip to main content
CVE-2016-10372 CRITICAL POC THREAT Emergency

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.1%.

Privilege Escalation D1000 Modem Firmware
NVD
CVSS 3.0
9.8
EPSS
93.1%
Threat
6.3
CVE-2017-6079 CRITICAL POC THREAT Emergency

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.4%.

Information Disclosure Edgemarc Firmware
NVD
CVSS 3.1
9.8
EPSS
32.4%
Threat
4.4
CVE-2017-7952 HIGH POC This Week

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Enterprise Asset Management
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6886 CRITICAL PATCH Act Now

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-6885 CRITICAL Act Now

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flexnet Manager Suite
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-3882 CRITICAL Act Now

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Small Business Rv Router Firmware +1
NVD
CVSS 3.0
9.6
EPSS
1.1%
CVE-2017-7953 MEDIUM POC This Month

INFOR EAM V11.0 Build 201410 has XSS via comment fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Asset Management
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-7662 HIGH PATCH This Week

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Cxf Fediz
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7661 HIGH PATCH This Week

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Java Apache Cxf Fediz
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-8382 MEDIUM POC PATCH This Month

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF PHP Admidio
NVD GitHub Exploit-DB
CVSS 3.0
4.5
EPSS
0.6%
CVE-2017-6887 HIGH PATCH This Week

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2014-9931 HIGH PATCH This Week

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-10239 HIGH PATCH This Week

In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8999 HIGH PATCH This Week

In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9937 HIGH PATCH This Week

In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9935 HIGH PATCH This Week

In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10238 HIGH PATCH This Week

In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Linux Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9003 HIGH PATCH This Week

In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9002 HIGH PATCH This Week

In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9000 HIGH PATCH This Week

In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8998 HIGH PATCH This Week

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8995 HIGH PATCH This Week

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9933 HIGH PATCH This Week

Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9932 HIGH PATCH This Week

In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10237 HIGH PATCH This Week

If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9934 HIGH PATCH This Week

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Linux Jwt Attack Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-3876 HIGH This Week

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6658 HIGH This Week

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Information Disclosure Sourcefire Snort
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6657 HIGH This Week

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Snort
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6651 HIGH This Week

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-3825 HIGH This Week

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Ce Telepresence Tc
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-3873 HIGH This Week

A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Cisco Aironet Access Point Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-9936 HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-10242 HIGH PATCH This Week

A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-8997 HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-8996 HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-9001 MEDIUM PATCH This Month

In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7488 MEDIUM PATCH This Month

Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Authconfig
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy