Skip to main content
CVE-2016-10504 MEDIUM POC PATCH This Month

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Openjpeg
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
6.1%
CVE-2017-12698 CRITICAL Act Now

An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Webaccess
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2017-13776 MEDIUM POC PATCH This Month

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-14042 MEDIUM POC PATCH This Month

A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Graphicsmagick
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12706 CRITICAL Act Now

A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-12708 CRITICAL Act Now

An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Webaccess
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14035 CRITICAL Act Now

CrushFTP 8.x before 8.2.0 has a serialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Crushftp
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-3163 HIGH PATCH Act Now

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Path Traversal Apache Solr
NVD
CVSS 3.0
7.5
EPSS
11.9%
CVE-2017-1440 HIGH PATCH This Week

IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Emptoris Services Procurement
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2017-14041 HIGH PATCH This Week

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service RCE Openjpeg +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2017-14040 HIGH PATCH This Week

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-12704 HIGH This Week

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-14039 HIGH PATCH This Week

A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-4462 HIGH This Week

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Ofbiz
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-12702 HIGH This Week

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webaccess
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-1442 HIGH PATCH This Week

IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Emptoris Services Procurement
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12069 HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 Wincc Local Discovery Server +1
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-14032 HIGH PATCH This Week

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-12717 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-13774 HIGH This Week

Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Hikvision Information Disclosure Ivms 4200
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12713 HIGH This Week

An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12711 HIGH This Week

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11157 HIGH This Week

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Microsoft Cloud Station Backup
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13765 HIGH PATCH This Week

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-13780 HIGH This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-12710 HIGH This Week

A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13764 HIGH PATCH This Week

In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-12734 HIGH PATCH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-13763 HIGH PATCH This Week

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Onos
NVD VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-13766 HIGH PATCH This Week

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-13767 HIGH PATCH This Week

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12735 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2016-10506 MEDIUM PATCH This Month

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
4.3%
CVE-2017-13775 MEDIUM PATCH This Month

GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2017-13777 MEDIUM PATCH This Month

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-13768 MEDIUM PATCH This Month

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2016-10505 MEDIUM PATCH This Month

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-13769 MEDIUM PATCH This Month

The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2016-10507 MEDIUM PATCH This Month

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-9945 MEDIUM This Month

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Km Pac Switched Ethernet Profinet Expansion Module Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6800 MEDIUM This Month

The default configuration of the Apache OFBiz framework offers a blog functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-13762 MEDIUM This Month

ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onos
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-1443 MEDIUM PATCH This Month

IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Services Procurement
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-13778 MEDIUM PATCH This Month

Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fiyo Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14037 MEDIUM This Month

CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crushftp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14036 MEDIUM This Month

CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Crushftp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14038 MEDIUM This Month

CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Crushftp
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-5001 MEDIUM PATCH This Month

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Hadoop
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1441 MEDIUM PATCH This Month

IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Emptoris Services Procurement
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1446 MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy