Skip to main content
CVE-2015-2291 HIGH POC KEV PATCH THREAT Act Now

Local privilege escalation to SYSTEM in Intel Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys versions before 1.3.1.0) allows authenticated Windows users to execute arbitrary code with kernel privileges via crafted IOCTL calls to device driver interfaces. CISA confirms active exploitation in the wild (KEV-listed). Multiple public proof-of-concept exploits demonstrate exploitability across four IOCTL handlers (0x80862013, 0x8086200B, 0x8086200F, 0x80862007). With 4.99% EPSS probability (90th percentile) and confirmed real-world abuse, this represents a critical risk for systems with Intel network adapters where the diagnostic driver remains installed and unpatched.

Denial Of Service Microsoft Intel RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
5.0%
Threat
6.7
CVE-2015-7894 HIGH POC This Week

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Samsung Galaxy S6 Edge Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.8%
CVE-2017-12754 HIGH Act Now

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Buffer Overflow RCE Asuswrt Merlin
NVD GitHub
CVSS 3.1
8.8
EPSS
12.3%
CVE-2015-3405 HIGH PATCH Act Now

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.6%.

Information Disclosure Ntp Debian Linux Suse Linux Enterprise Server Suse Linux Enterprise Desktop +8
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2016-5716 HIGH This Week

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Puppet Enterprise
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2017-9799 HIGH PATCH This Week

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Storm
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-9370 HIGH This Week

An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Workspaces
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2015-0784 HIGH This Week

Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenworks Configuration Management
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2017-3752 HIGH This Week

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo 1G L2 7 Slb Layer 2 3 Copper Firmware Virtual Fabric 10Gb +15
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2015-0785 HIGH This Week

com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenworks Configuration Management
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-0745 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (avc decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0719 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0750 HIGH This Week

A elevation of privilege vulnerability in the Upstream Linux file system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0722 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (h263 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0720 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libhevc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0718 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0714 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (h263 decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0740 HIGH This Week

A remote code execution vulnerability in the Broadcom networking driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Broadcom Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0713 HIGH PATCH This Week

A remote code execution vulnerability in the Android libraries (sfntly). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0723 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libavc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0716 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0715 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libavc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-4165 HIGH PATCH This Week

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Java Privilege Escalation Elastic Elasticsearch
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-0721 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0749 HIGH This Week

A elevation of privilege vulnerability in the Upstream Linux linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0737 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0747 HIGH This Week

A elevation of privilege vulnerability in the Qualcomm proprietary component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0746 HIGH This Week

A elevation of privilege vulnerability in the Qualcomm ipa driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0742 HIGH This Week

A elevation of privilege vulnerability in the MediaTek video driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0741 HIGH This Week

A elevation of privilege vulnerability in the MediaTek gpu driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0732 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0731 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0729 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0712 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android framework (wi-fi service). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0728 HIGH PATCH This Week

A denial of service vulnerability in the Android media framework (hevc decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0727 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libgui). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-6498 HIGH This Week

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Device Manager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-2312 HIGH This Week

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capnproto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-2313 HIGH This Week

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capnproto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-7764 HIGH PATCH This Week

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lemur
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-3277 HIGH This Week

The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mod Nss
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11506 HIGH This Week

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2017-12756 HIGH This Week

Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Extplorer
NVD
CVSS 3.0
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy