Skip to main content
CVE-2015-2291 HIGH POC KEV PATCH THREAT Act Now

Local privilege escalation to SYSTEM in Intel Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys versions before 1.3.1.0) allows authenticated Windows users to execute arbitrary code with kernel privileges via crafted IOCTL calls to device driver interfaces. CISA confirms active exploitation in the wild (KEV-listed). Multiple public proof-of-concept exploits demonstrate exploitability across four IOCTL handlers (0x80862013, 0x8086200B, 0x8086200F, 0x80862007). With 4.99% EPSS probability (90th percentile) and confirmed real-world abuse, this represents a critical risk for systems with Intel network adapters where the diagnostic driver remains installed and unpatched.

Denial Of Service Microsoft Intel RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
5.0%
Threat
6.7
CVE-2015-0786 CRITICAL Act Now

Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.7% and no vendor patch available.

Buffer Overflow RCE Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
29.7%
CVE-2015-6816 CRITICAL POC PATCH Act Now

ganglia-web before 3.7.1 allows remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fedora Ganglia Web
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-12774 CRITICAL POC Act Now

finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Finecms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-7894 HIGH POC This Week

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Samsung Galaxy S6 Edge Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.8%
CVE-2017-12754 HIGH Act Now

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Buffer Overflow RCE Asuswrt Merlin
NVD GitHub
CVSS 3.1
8.8
EPSS
12.3%
CVE-2015-0781 CRITICAL Act Now

Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2015-3405 HIGH PATCH Act Now

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.6%.

Information Disclosure Ntp Debian Linux Suse Linux Enterprise Server Suse Linux Enterprise Desktop +8
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2015-1820 CRITICAL PATCH Act Now

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Rest Client
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2015-0780 CRITICAL Act Now

SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2015-0782 CRITICAL Act Now

SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zenworks Configuration Management
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2017-12762 CRITICAL PATCH Act Now

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2015-2311 CRITICAL Act Now

Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Capnproto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2012-2781 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2780 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2778 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2773 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2012-2771 CRITICAL Act Now

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-6941 CRITICAL PATCH Act Now

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Salt 2015
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2014-5144 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Telescope
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2016-5716 HIGH This Week

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Puppet Enterprise
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2015-2310 CRITICAL Act Now

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Capnproto
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2017-9799 HIGH PATCH This Week

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Storm
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-9370 HIGH This Week

An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Workspaces
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2015-0784 HIGH This Week

Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenworks Configuration Management
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2017-3752 HIGH This Week

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo 1G L2 7 Slb Layer 2 3 Copper Firmware Virtual Fabric 10Gb +15
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2015-0785 HIGH This Week

com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenworks Configuration Management
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-0745 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (avc decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0719 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0750 HIGH This Week

A elevation of privilege vulnerability in the Upstream Linux file system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0722 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (h263 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0720 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libhevc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0718 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0714 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (h263 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0740 HIGH This Week

A remote code execution vulnerability in the Broadcom networking driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Broadcom Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0713 HIGH PATCH This Week

A remote code execution vulnerability in the Android libraries (sfntly). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0723 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libavc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0716 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0715 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libavc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-4165 HIGH PATCH This Week

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Java Privilege Escalation Elastic Elasticsearch
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-0721 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0749 HIGH This Week

A elevation of privilege vulnerability in the Upstream Linux linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0737 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0747 HIGH This Week

A elevation of privilege vulnerability in the Qualcomm proprietary component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0746 HIGH This Week

A elevation of privilege vulnerability in the Qualcomm ipa driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0742 HIGH This Week

A elevation of privilege vulnerability in the MediaTek video driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0741 HIGH This Week

A elevation of privilege vulnerability in the MediaTek gpu driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0732 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0731 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0729 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy