Skip to main content
CVE-2017-4914 CRITICAL POC PATCH THREAT Act Now

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Deserialization VMware Vsphere Data Protection
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.3%
CVE-2017-7312 CRITICAL POC Act Now

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Personify360
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
8.3%
CVE-2015-7346 CRITICAL POC Act Now

SQL injection vulnerability in ZCMS 1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zcms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2015-7326 CRITICAL POC PATCH Act Now

XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Webdav
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-7314 HIGH POC This Week

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Personify360 E Business
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.9%
CVE-2017-9355 HIGH POC This Week

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Subsonic
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
4.2%
CVE-2015-7724 HIGH POC This Week

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-7723 HIGH POC This Week

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7313 HIGH POC This Week

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Personify360 E Business
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-5175 HIGH PATCH Act Now

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Apache Cxf Fediz
NVD
CVSS 3.0
7.5
EPSS
13.6%
CVE-2017-4905 MEDIUM POC PATCH This Month

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

VMware Information Disclosure Fusion Fusion Pro Workstation Player +2
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.4%
CVE-2015-6540 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Intellect Digital Core
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9834 MEDIUM POC This Month

An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-6087 CRITICAL PATCH Act Now

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft IBM Information Disclosure Domino
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2017-1196 CRITICAL Act Now

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure Bigfix Security Compliance Analytics
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-4917 CRITICAL PATCH Act Now

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Information Disclosure Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-9473 MEDIUM POC This Month

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ytnef Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9471 MEDIUM POC This Month

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9470 MEDIUM POC This Month

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9474 MEDIUM POC This Month

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9472 MEDIUM POC This Month

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9977 HIGH PATCH This Week

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7966 HIGH This Week

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Schneider Electric Somachine
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-4904 HIGH This Week

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service VMware Fusion Fusion Pro +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-4898 HIGH PATCH This Week

VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Workstation Player Workstation Pro
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-4903 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-4902 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2015-5232 HIGH PATCH This Week

Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Opa Ff Opa Fm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2015-7888 HIGH This Week

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samsung Galaxy S6 Edge Firmware
NVD
CVSS 3.0
7.5
EPSS
3.8%
CVE-2015-8235 HIGH This Week

Directory traversal vulnerability in Spiffy before 5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Spiffy
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2017-7563 HIGH This Week

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2015-6240 HIGH PATCH This Week

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-4973 HIGH This Week

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Libssp
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9469 HIGH PATCH This Week

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-9468 HIGH PATCH This Week

In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-7564 HIGH PATCH This Week

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-7965 HIGH This Week

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Somachine Hvac
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2016-0254 MEDIUM PATCH This Month

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Cognos Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9500 MEDIUM PATCH This Month

In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2015-8538 MEDIUM This Month

dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-9501 MEDIUM PATCH This Month

In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9499 MEDIUM PATCH This Month

In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-7514 MEDIUM PATCH This Month

OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ironic
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3019 MEDIUM PATCH This Month

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-9310 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wordpress Backup To Dropbox
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1178 MEDIUM This Month

IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bigfix Security Compliance Analytics
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-8939 MEDIUM This Month

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8326 MEDIUM PATCH This Month

The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Iptables Parse Module
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5960 MEDIUM This Month

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-4900 MEDIUM PATCH This Month

VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware Workstation Player Workstation Pro
NVD
CVSS 3.0
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy