Skip to main content
CVE-2015-8299 CRITICAL POC THREAT Emergency

Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Buffer Overflow RCE Ets
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2017-10952 HIGH POC This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
7.3%
CVE-2017-12763 HIGH POC PATCH This Week

An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Nomachine
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.1%
CVE-2014-8393 HIGH POC This Week

DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Coreldraw Coreldraw Photo Paint Paint Shop Pro Painter +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.8%
CVE-2017-13715 CRITICAL PATCH Act Now

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service RCE Linux Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
13.1%
CVE-2017-13748 HIGH POC This Week

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2014-8872 HIGH POC This Week

Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Fritz Box 6810 Lte Firmware Fritz Box 6840 Lte Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13750 HIGH POC This Week

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-13746 HIGH POC This Week

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-10951 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.6% and no vendor patch available.

RCE Command Injection Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
14.6%
CVE-2017-13752 HIGH POC This Week

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13751 HIGH POC This Week

There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13749 HIGH POC This Week

There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13747 HIGH POC This Week

There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13728 HIGH POC This Week

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ncurses
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12865 CRITICAL PATCH Act Now

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Connman Debian Linux
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2015-7517 CRITICAL Act Now

Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Double Opt In For Download
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-13733 MEDIUM POC This Month

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13731 MEDIUM POC This Month

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13729 MEDIUM POC This Month

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13732 MEDIUM POC This Month

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13730 MEDIUM POC This Month

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13734 MEDIUM POC This Month

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-10832 CRITICAL Act Now

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Scr02Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-12856 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP C P Sub
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6942 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-6588 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modx Revolution
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2013-7426 CRITICAL PATCH Act Now

Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Kamailio
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-1376 CRITICAL Act Now

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Operations Analytics Predictive Insights
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-10842 CRITICAL PATCH Act Now

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Basercms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-13755 MEDIUM POC This Month

In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure The Sleuth Kit Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2017-13760 MEDIUM POC This Month

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow The Sleuth Kit Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-10833 CRITICAL Act Now

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scr02Hd Firmware
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2017-10835 HIGH This Week

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Scr02Hd Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-10844 HIGH PATCH This Week

baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Basercms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11455 HIGH This Week

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-13739 HIGH This Week

There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Liblouis
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-10839 HIGH This Week

SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Seo Panel
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-13738 HIGH This Week

There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Liblouis
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-13740 HIGH This Week

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Liblouis
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-8334 HIGH PATCH This Week

SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Huawei Vcn500 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-3655 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aruba Clearpass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-0379 HIGH PATCH This Week

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libgcrypt Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-10831 HIGH PATCH This Week

Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Commercial Registration Electronic Authentication Software
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2242 HIGH This Week

Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Flets Setsuzoku Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10836 HIGH This Week

Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Optimal Guard
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10830 HIGH This Week

Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Setup Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10828 HIGH This Week

Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flets Install Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10827 HIGH This Week

Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Flets Azukuu Pc Automatic Backup Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10826 HIGH This Week

Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Kinou Mihariban
NVD
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy