Skip to main content
CVE-2017-10952 HIGH POC This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
7.3%
CVE-2017-12763 HIGH POC PATCH This Week

An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Nomachine
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.1%
CVE-2014-8393 HIGH POC This Week

DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Coreldraw Coreldraw Photo Paint Paint Shop Pro Painter +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.8%
CVE-2017-13748 HIGH POC This Week

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2014-8872 HIGH POC This Week

Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Fritz Box 6810 Lte Firmware Fritz Box 6840 Lte Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13750 HIGH POC This Week

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-13746 HIGH POC This Week

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-10951 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.6% and no vendor patch available.

RCE Command Injection Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
14.6%
CVE-2017-13752 HIGH POC This Week

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13751 HIGH POC This Week

There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13749 HIGH POC This Week

There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13747 HIGH POC This Week

There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-13728 HIGH POC This Week

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ncurses
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-10835 HIGH This Week

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Scr02Hd Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-10844 HIGH PATCH This Week

baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Basercms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11455 HIGH This Week

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-13739 HIGH This Week

There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Liblouis
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-10839 HIGH This Week

SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Seo Panel
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-13738 HIGH This Week

There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Liblouis
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-13740 HIGH This Week

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Liblouis
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-8334 HIGH PATCH This Week

SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Huawei Vcn500 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-3655 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aruba Clearpass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-0379 HIGH PATCH This Week

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libgcrypt Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-10831 HIGH PATCH This Week

Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Commercial Registration Electronic Authentication Software
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2242 HIGH This Week

Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Flets Setsuzoku Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10836 HIGH This Week

Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Optimal Guard
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10830 HIGH This Week

Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Setup Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10828 HIGH This Week

Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flets Install Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10827 HIGH This Week

Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Flets Azukuu Pc Automatic Backup Tool
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10826 HIGH This Week

Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Kinou Mihariban
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10812 HIGH This Week

Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Photo Collection Pc Software
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2972 HIGH PATCH This Week

IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Sametime
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3746 HIGH PATCH This Week

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Privilege Escalation Thinkpad Usb 3 0 Ethernet Adapter Driver
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3757 HIGH PATCH This Week

An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Lenovo Elan Touchpad Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-5209 HIGH PATCH This Week

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2014-9497 HIGH This Week

Buffer overflow in mpg123 before 1.18.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mpg123
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-8752 HIGH PATCH This Week

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Atlas
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-3154 HIGH PATCH This Week

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Atlas
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-7255 HIGH This Week

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Ox 330P Firmware Zxhn H108N Firmware W300V1 0 0S Zrd Tr1 D68 Firmware +3
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-10843 HIGH PATCH This Week

baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Basercms
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-13745 HIGH This Week

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jasper
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13735 HIGH This Week

There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libraw
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-0234 HIGH PATCH This Week

Multiple temporary file creation vulnerabilities in pki-core 10.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pki Core
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-12775 HIGH PATCH This Week

qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Question2Answer
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2013-7432 HIGH This Week

The Googlemaps plugin before 3.1 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Googlemaps
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-4649 HIGH This Week

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2015-3654 HIGH This Week

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2015-3657 HIGH This Week

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass
NVD
CVSS 3.0
7.2
EPSS
0.8%
CVE-2015-3656 HIGH This Week

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass
NVD
CVSS 3.0
7.2
EPSS
0.8%
CVE-2015-3653 HIGH This Week

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Aruba Clearpass
NVD
CVSS 3.0
7.2
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy