Skip to main content
CVE-2017-12637 HIGH POC KEV THREAT Act Now

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Path Traversal SAP
NVD
CVSS 3.1
7.5
EPSS
93.5%
Threat
7.3
CVE-2017-12478 CRITICAL POC THREAT Emergency

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Authentication Bypass Unitrends Backup
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.6%
Threat
5.9
CVE-2017-12477 CRITICAL POC THREAT Emergency

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%.

Authentication Bypass Unitrends Backup
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
76.0%
Threat
5.7
CVE-2015-7871 CRITICAL POC THREAT Emergency

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.6%.

Authentication Bypass Ntp Debian Linux Oncommand Balance Oncommand Performance Manager +3
NVD
CVSS 3.1
9.8
EPSS
79.6%
Threat
5.8
CVE-2016-7976 HIGH POC THREAT Act Now

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.8%.

RCE Ghostscript
NVD
CVSS 3.0
8.8
EPSS
46.8%
Threat
4.7
CVE-2015-7855 MEDIUM POC PATCH THREAT This Month

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

Denial Of Service Ntp Debian Linux Oncommand Balance Oncommand Performance Manager +5
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
65.7%
Threat
4.8
CVE-2015-7853 CRITICAL PATCH Act Now

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.6%.

Buffer Overflow RCE Denial Of Service Ntp Oncommand Balance +4
NVD
CVSS 3.1
9.8
EPSS
40.6%
CVE-2017-6663 MEDIUM KEV THREAT This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2015-7705 CRITICAL Emergency

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.0% and no vendor patch available.

Information Disclosure Ntp Oncommand Performance Manager Oncommand Unified Manager Clustered Data Ontap +4
NVD
CVSS 3.1
9.8
EPSS
31.0%
CVE-2017-12479 HIGH POC THREAT Act Now

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

Information Disclosure Unitrends Backup
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.5%
CVE-2014-9262 HIGH POC This Week

The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Duplicator
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
7.4%
CVE-2014-9260 HIGH POC This Week

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Download Manager
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2017-12606 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-12601 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12605 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12604 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12603 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12597 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12599 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-12598 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2015-7571 HIGH POC This Week

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Yeager Cms
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.3%
CVE-2017-12653 HIGH POC This Week

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 360 Total Security
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.2%
CVE-2017-12596 HIGH POC This Week

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Openexr
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2015-5946 HIGH POC This Week

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Sugarcrm
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-12602 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-12600 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-7704 HIGH Act Now

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.9% and no vendor patch available.

Denial Of Service Ntp Debian Linux Oncommand Performance Manager Oncommand Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2017-6747 CRITICAL Act Now

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-12655 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7928 CRITICAL Act Now

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sel 3620 Firmware Sel 3622 Firmware
NVD
CVSS 3.0
10.0
EPSS
0.5%
CVE-2015-7692 HIGH Act Now

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8% and no vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
12.8%
CVE-2015-7701 HIGH Act Now

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2017-12650 CRITICAL Act Now

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Loginizer
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-12567 CRITICAL Act Now

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kace Asset Management Appliance Kace Systems Management Appliance K1000 As A Service
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-7691 HIGH Act Now

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
11.8%
CVE-2015-5244 CRITICAL PATCH Act Now

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Mod Nss
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-9632 CRITICAL Act Now

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Laserwash G5 Firmware Laserwash G5 S Firmware Laserwash M5 Firmware Laserwash 360 Firmware +7
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-7849 HIGH PATCH This Week

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free RCE Ntp +5
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2015-7854 HIGH PATCH This Week

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Ntp Oncommand Balance +4
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2017-9630 CRITICAL Act Now

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Laserwash G5 Firmware Laserwash G5 S Firmware Laserwash M5 Firmware Laserwash 360 Firmware +7
NVD
CVSS 3.0
9.4
EPSS
0.2%
CVE-2015-1555 CRITICAL Act Now

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zend Framework
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2017-12640 HIGH PATCH This Week

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-9633 HIGH This Week

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE S Gold 2 Pmb 8876
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-6757 HIGH This Week

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-12644 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2014-9831 HIGH PATCH This Week

coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9830 HIGH PATCH This Week

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9828 HIGH PATCH This Week

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9827 HIGH PATCH This Week

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-12666 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy