Skip to main content
CVE-2017-4971 MEDIUM PATCH This Month

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 75.4%.

Java Information Disclosure Spring Web Flow
NVD
CVSS 3.0
5.9
EPSS
75.4%
CVE-2017-9246 CRITICAL POC PATCH Act Now

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Net Agent New Relic
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-9603 HIGH POC This Week

SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wp Jobs
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-9429 HIGH POC This Week

SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Event List
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-1099 MEDIUM This Month

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 35.5% and no vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
35.5%
CVE-2016-6655 CRITICAL PATCH Act Now

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Cf Mysql Release Cf Release
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2017-6683 HIGH This Week

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection Elastic Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
9.5%
CVE-2017-6667 CRITICAL Act Now

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Context Service Development Kit
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-2773 CRITICAL Act Now

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Cloud Foundry Elastic Runtime
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-8218 CRITICAL PATCH Act Now

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cf Release Routing Release
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-5411 CRITICAL Act Now

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Quickstart Cloud Installer
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-4955 CRITICAL Act Now

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Cloud Foundry Elastic Runtime
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-4992 CRITICAL PATCH Act Now

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2016-9984 HIGH This Week

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-6692 HIGH This Week

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework Element Manager
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6688 HIGH This Week

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6684 HIGH This Week

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6682 HIGH This Week

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection Elastic Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6689 HIGH This Week

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6687 HIGH This Week

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework Element Manager
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6686 HIGH This Week

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework Element Manager
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6685 HIGH This Week

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework Staging Server
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-4959 HIGH This Week

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cloud Foundry Elastic Runtime
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-4973 HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cloud Foundry Uaa Bosh Cloud Foundry Cf Cloud Foundry Uaa
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6659 HIGH This Week

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Collaboration Assurance
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-4961 HIGH This Week

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bosh
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-4963 HIGH This Week

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Cloud Foundry Cf Release Cloud Foundry Uaa Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-6681 HIGH This Week

A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Ultra Services Framework
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-4966 HIGH This Week

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2015-9030 HIGH This Week

In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8240 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-7369 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10342 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10340 HIGH This Week

In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9028 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9025 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9023 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9963 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9960 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10341 HIGH This Week

In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10338 HIGH This Week

In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9033 HIGH This Week

In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9027 HIGH This Week

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9026 HIGH This Week

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9020 HIGH This Week

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9967 HIGH This Week

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9965 HIGH This Week

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9964 HIGH This Week

In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9962 HIGH This Week

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9029 HIGH This Week

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy