Skip to main content
CVE-2017-2491 HIGH POC THREAT Act Now

Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.7%.

Denial Of Service Use After Free RCE Memory Corruption Apple +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
21.7%
CVE-2017-6086 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Vimbadmin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9982 HIGH POC This Week

TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Teamspeak Client
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-1297 HIGH POC PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft IBM Data Server Client +5
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
0.3%
CVE-2014-6354 HIGH Act Now

Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.7% and no vendor patch available.

Buffer Overflow RCE Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
16.7%
CVE-2017-2841 HIGH This Week

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2014-8149 HIGH PATCH This Week

OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Defense4All
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-2843 HIGH This Week

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2017-2842 HIGH This Week

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2015-7781 HIGH This Week

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2016-4383 HIGH This Week

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Helion Openstack Glance
NVD
CVSS 3.0
8.4
EPSS
0.6%
CVE-2017-1322 HIGH PATCH This Week

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Api Connect
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2012-5010 HIGH This Week

ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-7062 HIGH This Week

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Storage Console Storage Console Node
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1795 HIGH This Week

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat Privilege Escalation Gluster Storage
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1591 HIGH This Week

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kamailio
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-5180 HIGH PATCH This Week

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ubuntu Linux Glibc
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-5378 HIGH This Week

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-2245 HIGH This Week

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 L09 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9738 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7524 HIGH PATCH This Week

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Tpm2 0 Tools
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6342 HIGH This Week

elog 3.1.1 allows remote attackers to post data as any username in the logbook. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Elog
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-7508 HIGH This Week

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-5414 HIGH PATCH This Week

FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Freeipa
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-7520 HIGH This Week

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-1105 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Microsoft IBM Data Server Client +5
NVD
CVSS 3.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy