Skip to main content
CVE-2017-14335 HIGH POC THREAT Act Now

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Information Disclosure Hb7024Xt Firmware Hb7032Xt Firmware Hb7008T2 Firmware Hb7016T2 Firmware +65
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
20.2%
CVE-2017-1000251 HIGH POC PATCH This Week

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Linux RCE Linux Kernel +9
NVD GitHub Exploit-DB
CVSS 3.1
8.0
EPSS
3.0%
CVE-2017-14266 HIGH POC This Week

tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tcpreplay
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.5%
CVE-2017-14344 HIGH POC This Week

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Windriver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-9228 HIGH This Week

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP File Upload Nextgen Gallery
NVD GitHub
CVSS 3.0
8.8
EPSS
5.0%
CVE-2017-14348 HIGH This Week

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-14399 HIGH This Week

In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Blackcat Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-14319 HIGH PATCH This Week

A grant unmapping issue was discovered in Xen through 4.9.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-14316 HIGH PATCH This Week

A parameter verification issue was discovered in Xen through 4.9.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Xen
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-14337 HIGH This Week

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Misp
NVD GitHub
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-14333 HIGH This Week

The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-1452 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1451 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14315 HIGH This Week

In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Apple Iphone Os
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2014-9624 HIGH This Week

CAPTCHA bypass vulnerability in MantisBT before 1.2.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mantisbt
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-1162 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy