Skip to main content
CVE-2017-12637 HIGH POC KEV THREAT Act Now

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Path Traversal SAP
NVD
CVSS 3.1
7.5
EPSS
93.5%
Threat
7.3
CVE-2016-7976 HIGH POC THREAT Act Now

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.8%.

RCE Ghostscript
NVD
CVSS 3.0
8.8
EPSS
46.8%
Threat
4.7
CVE-2017-12479 HIGH POC THREAT Act Now

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

Information Disclosure Unitrends Backup
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.5%
CVE-2014-9262 HIGH POC This Week

The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Duplicator
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
7.4%
CVE-2014-9260 HIGH POC This Week

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Download Manager
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2017-12606 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-12601 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12605 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12604 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12603 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12597 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-12599 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-12598 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2015-7571 HIGH POC This Week

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Yeager Cms
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.3%
CVE-2017-12653 HIGH POC This Week

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 360 Total Security
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.2%
CVE-2017-12596 HIGH POC This Week

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Openexr
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2015-5946 HIGH POC This Week

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Sugarcrm
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-12602 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-12600 HIGH POC PATCH This Week

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-7704 HIGH Act Now

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.9% and no vendor patch available.

Denial Of Service Ntp Debian Linux Oncommand Performance Manager Oncommand Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2015-7692 HIGH Act Now

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8% and no vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
12.8%
CVE-2015-7701 HIGH Act Now

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2015-7691 HIGH Act Now

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
11.8%
CVE-2015-7849 HIGH PATCH This Week

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free RCE Ntp +5
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2015-7854 HIGH PATCH This Week

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Ntp Oncommand Balance +4
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2017-12640 HIGH PATCH This Week

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-9633 HIGH This Week

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE S Gold 2 Pmb 8876
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-6757 HIGH This Week

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-12644 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2014-9831 HIGH PATCH This Week

coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9830 HIGH PATCH This Week

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9828 HIGH PATCH This Week

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9827 HIGH PATCH This Week

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-12666 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-12642 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6756 HIGH This Week

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-12669 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-12668 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-12667 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-12641 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12662 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12665 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12664 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12663 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12651 HIGH This Week

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP Loginizer
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6419 HIGH PATCH This Week

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libmspack
NVD GitHub
CVSS 3.0
7.8
EPSS
2.3%
CVE-2015-7887 HIGH PATCH This Week

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Snapcenter Server
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2014-1235 HIGH PATCH This Week

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Graphviz
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2017-6763 HIGH This Week

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-7920 HIGH This Week

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Vsn300 Firmware Vsn300 For React Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy