Skip to main content
CVE-2017-10974 HIGH POC THREAT Act Now

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.5%.

Path Traversal Yaws
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
89.5%
Threat
5.7
CVE-2017-10989 CRITICAL PATCH CISA Act Now

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8%.

Buffer Overflow Information Disclosure Sqlite
NVD
CVSS 3.0
9.8
EPSS
12.8%
Threat
4.3
CVE-2017-10968 CRITICAL POC Act Now

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Finecms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-9629 CRITICAL Act Now

A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

Buffer Overflow RCE Schneider Electric Stack Overflow Wonderware Archestra Logger
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2017-11099 HIGH POC This Week

When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-11098 HIGH POC This Week

When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-11101 HIGH POC This Week

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-11100 HIGH POC This Week

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-11097 HIGH POC This Week

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-11096 HIGH POC This Week

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7405 CRITICAL PATCH Act Now

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass Dir 615
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2017-10965 CRITICAL PATCH Act Now

An issue was discovered in Irssi before 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Irssi
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-10966 CRITICAL PATCH Act Now

An issue was discovered in Irssi before 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Irssi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-2234 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-2225 CRITICAL Act Now

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ebidsettingchecker
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7512 CRITICAL Act Now

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat 3Scale Api Management Platform
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-2237 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-2236 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-2235 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000082 CRITICAL PATCH Act Now

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2017-7406 CRITICAL PATCH Act Now

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dir 615
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2017-7950 MEDIUM POC This Month

Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nitro Pro
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9627 HIGH This Week

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Wonderware Archestra Logger
NVD
CVSS 3.1
8.6
EPSS
2.3%
CVE-2017-2184 HIGH This Week

Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Home Spot Cube 2 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-2185 HIGH This Week

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Home Spot Cube 2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-6868 HIGH This Week

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Cp 44X 1 Redundant Network Access Modules
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2017-2186 HIGH This Week

HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Home Spot Cube 2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-4998 HIGH This Week

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rsa Archer Egrc
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-7404 HIGH PATCH This Week

On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Denial Of Service CSRF D-Link Dir 615
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-2238 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-2244 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mfc J960Dwn Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-2223 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Ts Wptcam Camera Firmware Ts Ptcam Camera Firmware Ts Ptcam Poe Camera Firmware Ts Wlc2 Camera Firmware +3
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-3297 HIGH This Week

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Etherpad
NVD GitHub
CVSS 3.0
7.5
EPSS
3.8%
CVE-2017-2183 HIGH This Week

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Home Spot Cube 2 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2017-11102 HIGH PATCH This Week

The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-2208 HIGH This Week

Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Installer Of Electronic Tendering
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-2230 HIGH This Week

Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Road Construction Completion Diagram Check Program
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-2215 HIGH This Week

Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Tax
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0340 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Nvidia Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2229 HIGH This Week

Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kihon Data Sakusei System
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2226 HIGH This Week

Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Tax
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-2220 HIGH This Week

Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Casl Ii Simulator
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2188 HIGH This Week

Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denshinouhin Check System
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2227 HIGH This Week

Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omp
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2218 HIGH This Week

Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Quicktime
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2231 HIGH This Week

Untrusted search path vulnerability in The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, The self-extracting archive including the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denshiseikabutsusakuseishienkensa
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2233 HIGH This Week

Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Digital Signature
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2232 HIGH This Week

Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shinseiyo Sogo Soft
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9631 HIGH This Week

A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Schneider Electric Wonderware Archestra Logger
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-1000381 HIGH This Week

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Node Js
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy