Skip to main content
CVE-2017-12733 CRITICAL Act Now

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sitesentinel Isite Atg Firmware Sitesentinel Integra 500 Firmware Sitesentinel Integra 100 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-12731 CRITICAL Act Now

A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sitesentinel Isite Atg Firmware Sitesentinel Integra 500 Firmware Sitesentinel Integra 100 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-14228 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14224 HIGH PATCH This Week

A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-14225 HIGH PATCH This Week

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-14226 HIGH PATCH This Week

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libreoffice Libwpd
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-14227 HIGH This Week

In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure MongoDB
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-14229 HIGH This Week

There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-12699 HIGH This Week

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Daqfactory
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-14223 MEDIUM PATCH This Month

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-14222 MEDIUM PATCH This Month

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-8040 MEDIUM PATCH This Month

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Single Sign On For Pivotal Cloud Foundry
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-8041 MEDIUM PATCH This Month

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Single Sign On For Pivotal Cloud Foundry
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-5147 MEDIUM This Month

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Daqfactory
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy