Skip to main content
CVE-2015-2857 CRITICAL POC THREAT Emergency

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

RCE Command Injection File Transfer Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.7%
Threat
6.1
CVE-2017-12786 CRITICAL POC THREAT Emergency

Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Buffer Overflow RCE Noviware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2017-12785 CRITICAL POC THREAT Emergency

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.1%.

Buffer Overflow RCE Command Injection Noviware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.1%
Threat
4.2
CVE-2017-12787 CRITICAL POC THREAT Emergency

A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Buffer Overflow RCE Noviware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
Threat
4.0
CVE-2015-6473 CRITICAL POC Act Now

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 750 849 Firmware 758 870 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2015-6472 CRITICAL POC Act Now

WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 750 849 Firmware 750 881 Firmware 758 870 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-4460 CRITICAL PATCH Act Now

Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Pony Mail
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-5208 HIGH This Week

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Icoutils +7
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2015-5258 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Fedora Spring Social
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-7557 HIGH PATCH This Week

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

CSRF Authentication Bypass Dnsdist
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2015-3617 HIGH This Week

Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Fortimanager Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13065 MEDIUM This Month

GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2017-13064 MEDIUM This Month

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-13063 MEDIUM This Month

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-13061 MEDIUM This Month

In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13062 MEDIUM This Month

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13060 MEDIUM This Month

In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13059 MEDIUM This Month

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13058 MEDIUM This Month

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12843 MEDIUM This Month

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cyrus Imap Fedora
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-13066 MEDIUM This Month

GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Graphicsmagick
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2014-6189 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Network Protection 4100 Firmware Security Network Protection 3100 Firmware Security Network Protection 5100 Firmware +1
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6310 MEDIUM This Month

oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Virtualization
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6311 MEDIUM This Month

Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2102 MEDIUM This Month

HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Haproxy
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2017-1422 LOW PATCH Monitor

IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maas360 Dtm
NVD
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy