Skip to main content
CVE-2017-12943 CRITICAL POC THREAT Emergency

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.8%.

Path Traversal D-Link PHP Dir 600 B1 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.8%
Threat
5.9
CVE-2015-4464 CRITICAL POC Act Now

Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kg Sha104 Firmware Kg Sha108 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12776 CRITICAL POC Act Now

SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12941 CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Unrar
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12942 CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Unrar
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12940 CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Unrar
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12933 CRITICAL Act Now

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.0% and no vendor patch available.

Buffer Overflow PHP Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
13.0%
CVE-2017-12939 CRITICAL PATCH Act Now

A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Unity Editor
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2017-12932 CRITICAL PATCH Act Now

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Memory Corruption PHP Use After Free
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2015-1817 CRITICAL PATCH Act Now

Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Musl
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-7278 CRITICAL Act Now

Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Styra Porttelefonkort 4400 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12582 CRITICAL Act Now

Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Ts 212P Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10385 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Use After Free Google Qualcomm Information Disclosure +2
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9066 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9063 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9976 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10392 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10390 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10387 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10386 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10384 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10381 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10380 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9065 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-0574 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9981 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9971 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9064 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9972 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-8594 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8593 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-7364 CRITICAL PATCH Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Linux Use After Free Google Qualcomm +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-5871 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9062 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9053 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9042 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9041 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9034 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9978 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9977 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9968 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-5872 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10391 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10388 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10347 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10346 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10343 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9071 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9070 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9069 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy