Skip to main content
CVE-2017-7314 HIGH POC This Week

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Personify360 E Business
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.9%
CVE-2017-9355 HIGH POC This Week

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Subsonic
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
4.2%
CVE-2015-7724 HIGH POC This Week

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-7723 HIGH POC This Week

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7313 HIGH POC This Week

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Personify360 E Business
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-5175 HIGH PATCH Act Now

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Apache Cxf Fediz
NVD
CVSS 3.0
7.5
EPSS
13.6%
CVE-2016-9977 HIGH PATCH This Week

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7966 HIGH This Week

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Schneider Electric Somachine
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-4904 HIGH This Week

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service VMware Fusion Fusion Pro +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-4898 HIGH PATCH This Week

VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Workstation Player Workstation Pro
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-4903 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-4902 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2015-5232 HIGH PATCH This Week

Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Opa Ff Opa Fm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2015-7888 HIGH This Week

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samsung Galaxy S6 Edge Firmware
NVD
CVSS 3.0
7.5
EPSS
3.8%
CVE-2015-8235 HIGH This Week

Directory traversal vulnerability in Spiffy before 5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Spiffy
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2017-7563 HIGH This Week

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2015-6240 HIGH PATCH This Week

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-4973 HIGH This Week

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Libssp
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9469 HIGH PATCH This Week

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-9468 HIGH PATCH This Week

In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-7564 HIGH PATCH This Week

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-7965 HIGH This Week

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Somachine Hvac
NVD
CVSS 3.1
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy