Skip to main content
CVE-2015-7944 HIGH POC PATCH THREAT Act Now

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.0%.

Denial Of Service Ganeti
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
19.0%
CVE-2015-7945 HIGH POC PATCH THREAT Act Now

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Information Disclosure Ganeti
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.6%
CVE-2017-12592 HIGH POC This Week

ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dsl N10S Firmware
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-12589 HIGH POC This Week

ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF R60G Firmware R60Gv2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12593 HIGH POC This Week

ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dsl N10S Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10665 HIGH POC PATCH This Week

Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal PHP RCE Phpgrid
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2017-8260 HIGH POC PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Qualcomm Google Linux Buffer Overflow Android
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-12938 HIGH POC This Week

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Unrar
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-12420 HIGH PATCH This Week

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Denial Of Service Clustered Data Ontap
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2017-12936 HIGH PATCH This Week

The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-12955 HIGH This Week

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-12937 HIGH PATCH This Week

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-12949 HIGH This Week

lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF WordPress SQLi PHP Podlove Podcast Publisher
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-12935 HIGH PATCH This Week

The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-5153 HIGH This Week

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pulp
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2015-5081 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python CSRF Django Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12881 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Java File Upload Spring Batch Admin
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11652 HIGH This Week

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Synapse
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2017-9685 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2016-10383 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2015-2675 HIGH PATCH This Week

The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Librest
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-10824 HIGH This Week

Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Type A
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-10822 HIGH This Week

Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2289 HIGH This Week

Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Qua Station Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2228 HIGH This Week

Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teikihoukokusho Sakuseishien Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10823 HIGH This Week

Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shin Kinkyuji Houkoku Data Nyuryoku Program
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10821 HIGH This Week

Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shin Kikan Toukei Houkoku Data Nyuryokuyou Program
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8261 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11160 HIGH This Week

Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Microsoft Assistant
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3756 HIGH This Week

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Thinkpad 10 Ella 2 Bios Thinkpad 11E Beema Bios Thinkpad 11E Braswell Bios +145
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-3649 HIGH This Week

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Open Uri Cached
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-8272 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Google Qualcomm Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8256 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8257 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8253 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9678 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8268 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8263 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8255 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10389 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11653 HIGH This Week

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Synapse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2014-3451 HIGH This Week

OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openfire
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-9454 HIGH PATCH This Week

Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Resiprocate
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2017-12944 HIGH This Week

The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-11185 HIGH This Week

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Strongswan
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2017-12440 HIGH PATCH This Week

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Openstack
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-12934 HIGH This Week

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption PHP Use After Free
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-12963 HIGH This Week

There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-12962 HIGH This Week

There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libsass
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-12964 HIGH This Week

There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libsass
NVD
CVSS 3.0
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy