Skip to main content
CVE-2017-7180 HIGH POC This Week

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Net Monitor For Employees
NVD Exploit-DB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2016-4471 HIGH This Week

ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Cloudforms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2015-2252 HIGH This Week

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Huawei Oceanstor Uds Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2014-3498 HIGH PATCH This Week

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ansible
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-9519 HIGH This Week

atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atmail
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9518 HIGH This Week

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atmail
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9517 HIGH This Week

atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atmail
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-1786 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Zend Framework
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9698 HIGH PATCH This Week

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Rhapsody Design Manager
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-6098 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2015-2800 HIGH This Week

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass S5700 Firmware S5300 Firmware +5
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-9991 HIGH PATCH This Week

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2015-1379 HIGH PATCH This Week

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Socat
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2015-3634 HIGH PATCH This Week

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Slideshow
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-4912 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4911 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Memory Corruption VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4910 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4909 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Denial Of Service Microsoft VMware Horizon View +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4908 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Denial Of Service Microsoft VMware Horizon View +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8108 HIGH This Week

Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lynis
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6638 HIGH This Week

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4913 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Integer Overflow Denial Of Service Microsoft VMware Horizon View +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9022 HIGH This Week

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-9023 HIGH This Week

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2016-6594 HIGH This Week

Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Secure Gateway Cacheflow Proxysg
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6648 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Ce Software Telepresence Tc Software
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-3091 HIGH This Week

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Diego
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4992 HIGH This Week

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3112 HIGH PATCH This Week

client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Pulp
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-5416 HIGH This Week

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3099 HIGH This Week

mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-7919 HIGH This Week

b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Android
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-3913 HIGH This Week

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S2300 Firmware S2700 Firmware S3300 Firmware +19
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-4457 HIGH This Week

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudforms Management Engine
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1319 HIGH PATCH This Week

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Federated Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-2251 HIGH This Week

The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-3108 HIGH PATCH This Week

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy