Skip to main content
CVE-2017-6736 HIGH POC KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco Buffer Overflow RCE Apple
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
89.0%
Threat
7.4
CVE-2017-1000028 HIGH POC THREAT Act Now

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.1%.

Path Traversal Oracle Glassfish Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
94.1%
Threat
5.8
CVE-2017-1000002 CRITICAL POC THREAT Emergency

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.2%.

Path Traversal Information Disclosure RCE Atutor
NVD
CVSS 3.0
9.8
EPSS
60.2%
Threat
5.3
CVE-2017-1000029 HIGH POC THREAT Act Now

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.0%.

Oracle Information Disclosure Glassfish Server
NVD
CVSS 3.0
7.5
EPSS
69.0%
Threat
5.1
CVE-2017-6743 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6739 HIGH KEV THREAT Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6738 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6737 HIGH KEV THREAT Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6742 HIGH KEV THREAT Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.3%.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
10.3%
CVE-2017-6740 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.0%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2017-6744 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2017-11346 CRITICAL POC PATCH THREAT Act Now

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

RCE Zoho Manageengine Desktop Central
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.0%
Threat
4.2
CVE-2017-9811 CRITICAL POC THREAT Emergency

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.7%
Threat
4.2
CVE-2017-1000037 CRITICAL POC THREAT Emergency

RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

RCE Command Injection Rvm
NVD GitHub
CVSS 3.0
9.8
EPSS
20.6%
Threat
4.1
CVE-2017-9812 HIGH POC THREAT Act Now

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.2%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
27.2%
CVE-2017-10979 CRITICAL PATCH Act Now

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.2%.

Buffer Overflow Memory Corruption Denial Of Service RCE Freeradius
NVD
CVSS 3.0
9.8
EPSS
30.2%
CVE-2017-1000060 CRITICAL POC Act Now

EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eyesofnetwork
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2017-1000073 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-10984 CRITICAL PATCH Act Now

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5%.

Buffer Overflow Memory Corruption Denial Of Service RCE Freeradius
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2017-1000075 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-1000074 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-1000072 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-11349 CRITICAL POC Act Now

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dt8X Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-0028 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.6%.

Buffer Overflow RCE Microsoft Edge
NVD GitHub
CVSS 3.0
9.8
EPSS
19.6%
CVE-2017-1000031 HIGH POC This Week

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cacti
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-9810 HIGH POC This Week

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-1000021 HIGH POC This Week

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Logicaldoc
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-8011 CRITICAL Act Now

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.6% and no vendor patch available.

Authentication Bypass Emc M R Emc Storage Monitoring And Reporting Emc Vipr Srm Emc Vnx Monitoring And Reporting
NVD
CVSS 3.1
9.8
EPSS
15.6%
CVE-2017-11361 HIGH POC This Week

Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Inteno Router Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1000022 HIGH POC This Week

LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Logicaldoc
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-9671 HIGH POC This Week

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Alpine Linux
NVD
CVSS 3.0
7.8
EPSS
4.1%
CVE-2017-9669 HIGH POC This Week

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Alpine Linux
NVD
CVSS 3.0
7.8
EPSS
4.1%
CVE-2017-11318 HIGH POC This Week

Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Cobian Backup
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-1000009 CRITICAL PATCH Act Now

Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.5%.

Command Injection Product Information Management
NVD GitHub
CVSS 3.1
9.8
EPSS
10.5%
CVE-2017-9951 HIGH POC This Week

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memcached
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-9814 HIGH POC This Week

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Cairo Leap
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-11342 HIGH POC This Week

There is an illegal address access in ast.cpp of LibSass 3.4.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsass
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11341 HIGH POC This Week

There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000081 CRITICAL Act Now

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Onos
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2017-6741 HIGH Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Buffer Overflow RCE Ios Xe
NVD
CVSS 3.0
8.8
EPSS
11.8%
CVE-2017-0152 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.6%.

Buffer Overflow RCE Microsoft Edge
NVD GitHub
CVSS 3.0
8.1
EPSS
14.6%
CVE-2017-9813 MEDIUM POC This Month

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.7%
CVE-2017-1000030 CRITICAL Act Now

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Oracle Glassfish Server
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-2343 CRITICAL Act Now

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
10.0
EPSS
3.1%
CVE-2017-2349 CRITICAL Act Now

A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Command Injection Junos
NVD
CVSS 3.0
9.9
EPSS
3.5%
CVE-2017-1000033 MEDIUM POC This Month

Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE WordPress Vospari Forms
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2017-9340 MEDIUM POC This Month

An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Owncloud
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-1000039 CRITICAL Act Now

Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Framadate
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2017-2345 CRITICAL Act Now

On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-1000034 HIGH PATCH Act Now

Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 11.7%.

Deserialization Java RCE Akka
NVD
CVSS 3.0
8.1
EPSS
11.7%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy