Skip to main content
CVE-2017-9841 CRITICAL POC KEV PATCH THREAT Act Now

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

PHP Code Injection RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2015-7780 MEDIUM POC THREAT This Month

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

Path Traversal Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
6.5
EPSS
36.2%
CVE-2017-2491 HIGH POC THREAT Act Now

Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.7%.

Denial Of Service Use After Free RCE Memory Corruption Apple +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
21.7%
CVE-2017-6086 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Vimbadmin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9982 HIGH POC This Week

TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the &#5610; Unicode character followed by the &#3903; Unicode character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Teamspeak Client
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-9830 CRITICAL Act Now

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Apache RCE Crashplan
NVD
CVSS 3.0
9.8
EPSS
9.2%
CVE-2017-1297 HIGH POC PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft IBM Data Server Client +5
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
0.3%
CVE-2014-6354 HIGH Act Now

Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.7% and no vendor patch available.

Buffer Overflow RCE Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
16.7%
CVE-2015-1778 CRITICAL PATCH GHSA Act Now

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Tomcat Authentication Bypass Opendaylight
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-0959 CRITICAL Act Now

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Adobe +8
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-7895 MEDIUM POC This Month

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-7898 MEDIUM POC This Month

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-3840 MEDIUM POC This Month

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-2841 HIGH This Week

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2014-8149 HIGH PATCH This Week

OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Defense4All
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-2843 HIGH This Week

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2017-2842 HIGH This Week

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2015-7781 HIGH This Week

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2016-4383 HIGH This Week

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Helion Openstack Glance
NVD
CVSS 3.0
8.4
EPSS
0.6%
CVE-2017-1322 HIGH PATCH This Week

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Api Connect
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2012-5010 HIGH This Week

ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-7062 HIGH This Week

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Storage Console Storage Console Node
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1795 HIGH This Week

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat Privilege Escalation Gluster Storage
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1591 HIGH This Week

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kamailio
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-5180 HIGH PATCH This Week

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ubuntu Linux Glibc
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-5378 HIGH This Week

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-2245 HIGH This Week

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 L09 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9738 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7524 HIGH PATCH This Week

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Tpm2 0 Tools
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6342 HIGH This Week

elog 3.1.1 allows remote attackers to post data as any username in the logbook. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Elog
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-7508 HIGH This Week

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-5414 HIGH PATCH This Week

FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Freeipa
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-7520 HIGH This Week

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-1105 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Microsoft IBM Data Server Client +5
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-7522 MEDIUM This Month

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-9972 MEDIUM PATCH This Month

IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-7521 MEDIUM This Month

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Openvpn
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-9257 MEDIUM This Month

The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9256 MEDIUM This Month

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9255 MEDIUM This Month

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9254 MEDIUM This Month

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9253 MEDIUM This Month

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9222 MEDIUM This Month

The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9223 MEDIUM This Month

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9221 MEDIUM This Month

The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9220 MEDIUM This Month

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9219 MEDIUM This Month

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9218 MEDIUM This Month

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freeware Advanced Audio Decoder 2
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8697 MEDIUM This Month

stalin 0.11-5 allows local users to write to arbitrary files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Stalin
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1234 MEDIUM PATCH This Month

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy