Skip to main content
CVE-2017-5173 CRITICAL POC THREAT Emergency

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.8%.

RCE Command Injection Ip Camera G Cam Efd 2250 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
84.8%
Threat
6.0
CVE-2017-9080 HIGH POC THREAT Act Now

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.

RCE PHP File Upload Playsms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
73.5%
Threat
5.5
CVE-2017-7504 CRITICAL Emergency

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 90.3% and no vendor patch available.

Deserialization Java Red Hat RCE Jboss Enterprise Application Platform
NVD
CVSS 3.0
9.8
EPSS
90.3%
Threat
4.7
CVE-2017-5174 CRITICAL POC THREAT Emergency

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.2%.

RCE Authentication Bypass Ip Camera G Cam Efd 2250 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
65.2%
Threat
5.4
CVE-2017-6048 HIGH POC THREAT Act Now

A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

Command Injection Sennet Multitask Meter Sennet Optimal Datalogger Sennet Solar Datalogger
NVD
CVSS 3.0
8.8
EPSS
45.6%
Threat
4.6
CVE-2017-5177 HIGH POC THREAT Act Now

A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 45.1%.

Buffer Overflow RCE Stack Overflow Winplc7 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
45.1%
Threat
4.4
CVE-2017-9098 HIGH POC PATCH This Week

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Graphicsmagick Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2017-9083 MEDIUM POC This Month

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-6027 CRITICAL Act Now

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Web Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-6025 CRITICAL Act Now

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Web Server
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-9078 HIGH PATCH This Week

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Dropbear Ssh Debian Linux H410c Firmware
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2017-9077 HIGH PATCH This Week

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2017-9076 HIGH PATCH This Week

The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-9075 HIGH PATCH This Week

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-9074 HIGH PATCH This Week

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-7968 HIGH This Week

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Wonderware Indusoft Web Studio
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7935 HIGH This Week

A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mguard Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-9091 HIGH PATCH This Week

/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Allen Disk
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-9090 HIGH PATCH This Week

reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Allen Disk
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-6016 HIGH This Week

An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ltda Me Laquis Scada
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-4979 HIGH This Week

EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Isilon Onefs
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-5176 HIGH PATCH This Week

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Rockwell Information Disclosure Connected Components Workbench
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-5241 MEDIUM PATCH This Month

After logging into the portal, the logout jsp page redirects the browser back to the login page after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Apache Juddi
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2017-7907 MEDIUM This Month

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Schneider Electric Wonderware Historian Client
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-9094 MEDIUM PATCH This Month

The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imageworsener
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9093 MEDIUM PATCH This Month

The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imageworsener
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-7475 MEDIUM PATCH This Month

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Cairo
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2017-4978 MEDIUM This Month

EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adaptive Authentication On Premise
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9079 MEDIUM PATCH This Month

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. Rated medium severity (CVSS 4.7). This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Dropbear Ssh Debian Linux
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-7937 MEDIUM This Month

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mguard Firmware
NVD
CVSS 3.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy