Skip to main content
CVE-2017-7642 HIGH POC This Week

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp VMware Information Disclosure Vagrant Vmware Fusion
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-7891 HIGH POC This Week

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Samsung Information Disclosure Samsung Mobile
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-11388 HIGH PATCH This Week

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
8.8
EPSS
5.9%
CVE-2014-8903 HIGH This Week

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Command Injection Curam Social Program Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-11364 HIGH This Week

The CMS installer in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-2281 HIGH This Week

WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wn Ax1167Gr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-2280 HIGH This Week

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Wn Ax1167Gr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2138 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cs Cart Cs Cart Multivendor
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10664 HIGH PATCH This Week

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu Debian Linux Virtualization Openstack +6
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2017-1467 HIGH This Week

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Privilege Escalation Infosphere Information Server
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-9981 HIGH PATCH This Week

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Session Fixation IBM Information Disclosure Security Appscan
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2015-0839 HIGH This Week

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE HP Linux Imaging And Printing
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-2283 HIGH This Week

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Wn G300R3 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2015-8264 HIGH This Week

Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE F Secure Online Scanner
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-11387 HIGH PATCH This Week

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Authentication Bypass Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-2288 HIGH This Week

Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaforge
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2287 HIGH This Week

Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nfc Port Software Remover
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2286 HIGH This Week

Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nfc Port Firmware Pc Sc Activator For Type B Sfcard Viewer 2 Nfc Net Installer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2279 HIGH This Week

Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tween
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1468 HIGH This Week

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9247 HIGH This Week

Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sierra Wireless Em7345 Software Sierra Wireless Em7455 Software Sierra Wireless Location Sensor Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11390 HIGH PATCH This Week

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-1118 HIGH PATCH This Week

IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Mq Internet Pass Thru
NVD
CVSS 3.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy