Skip to main content
CVE-2017-6736 HIGH POC KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco Buffer Overflow RCE Apple
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
89.0%
Threat
7.4
CVE-2017-1000028 HIGH POC THREAT Act Now

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.1%.

Path Traversal Oracle Glassfish Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
94.1%
Threat
5.8
CVE-2017-1000029 HIGH POC THREAT Act Now

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.0%.

Oracle Information Disclosure Glassfish Server
NVD
CVSS 3.0
7.5
EPSS
69.0%
Threat
5.1
CVE-2017-6743 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6739 HIGH KEV THREAT Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6738 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6737 HIGH KEV THREAT Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6742 HIGH KEV THREAT Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.3%.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
10.3%
CVE-2017-6740 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.0%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2017-6744 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2017-9812 HIGH POC THREAT Act Now

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.2%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
27.2%
CVE-2017-1000031 HIGH POC This Week

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cacti
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-9810 HIGH POC This Week

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-1000021 HIGH POC This Week

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Logicaldoc
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-11361 HIGH POC This Week

Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Inteno Router Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1000022 HIGH POC This Week

LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Logicaldoc
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-9671 HIGH POC This Week

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Alpine Linux
NVD
CVSS 3.0
7.8
EPSS
4.1%
CVE-2017-9669 HIGH POC This Week

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Alpine Linux
NVD
CVSS 3.0
7.8
EPSS
4.1%
CVE-2017-11318 HIGH POC This Week

Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Cobian Backup
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-9951 HIGH POC This Week

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memcached
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-9814 HIGH POC This Week

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Cairo Leap
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-11342 HIGH POC This Week

There is an illegal address access in ast.cpp of LibSass 3.4.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsass
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11341 HIGH POC This Week

There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6741 HIGH Act Now

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Buffer Overflow RCE Ios Xe
NVD
CVSS 3.0
8.8
EPSS
11.8%
CVE-2017-0152 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.6%.

Buffer Overflow RCE Microsoft Edge
NVD GitHub
CVSS 3.0
8.1
EPSS
14.6%
CVE-2017-1000034 HIGH PATCH Act Now

Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 11.7%.

Deserialization Java RCE Akka
NVD
CVSS 3.0
8.1
EPSS
11.7%
CVE-2017-11347 HIGH This Week

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Metinfo
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-11335 HIGH This Week

There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Libtiff
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-3099 HIGH PATCH This Week

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2017-1000017 HIGH PATCH This Week

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1000067 HIGH PATCH This Week

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Revolution
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7666 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Apache Openmeetings
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2341 HIGH This Week

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-7681 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Apache Openmeetings
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000069 HIGH PATCH This Week

CSRF in Bitly oauth2_proxy 2.1 during authentication flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oauth2 Proxy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000008 HIGH This Week

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chyrp Lite
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10605 HIGH This Week

On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
8.6
EPSS
0.8%
CVE-2017-2339 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2338 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2337 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2335 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-7682 HIGH PATCH This Week

Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
8.2
EPSS
0.7%
CVE-2017-1000053 HIGH This Week

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Plug
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2015-5152 HIGH This Week

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Foreman
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-1000071 HIGH This Week

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Phpcas
NVD GitHub
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-2342 HIGH This Week

MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-1000062 HIGH This Week

kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Kitto
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-11344 HIGH This Week

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +25
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2017-11345 HIGH This Week

Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +25
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2017-11311 HIGH PATCH This Week

soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Libopenmpt Openmpt
NVD
CVSS 3.0
7.8
EPSS
1.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy