Skip to main content
CVE-2017-9805 HIGH POC KEV PATCH THREAT Act Now

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache Deserialization RCE
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
94.3%
Threat
7.4
CVE-2014-9463 HIGH POC THREAT Act Now

functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.6%.

RCE Code Injection PHP Vbseo
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
26.6%
Threat
4.1
CVE-2017-9328 CRITICAL POC Act Now

Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Terramaster Operating System
NVD GitHub
CVSS 3.0
9.8
EPSS
6.2%
CVE-2017-0898 CRITICAL POC Act Now

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ruby
NVD GitHub
CVSS 3.0
9.1
EPSS
0.8%
CVE-2017-4924 HIGH POC This Week

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption VMware Fusion Workstation Pro +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2015-1527 HIGH POC PATCH This Week

Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-10845 CRITICAL Act Now

Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wi Fi Station L 02F Firmware
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2017-14498 MEDIUM POC PATCH This Month

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Silverstripe
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14489 MEDIUM POC PATCH This Month

The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-10860 HIGH This Week

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE I Filter Installer
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-10859 HIGH This Week

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure I Filter Installer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10858 HIGH This Week

Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure I Filter Installer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10855 HIGH This Week

Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Fence Explorer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14497 HIGH PATCH This Week

The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2014-7808 HIGH PATCH This Week

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Wicket
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-10846 HIGH This Week

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wi Fi Station L 02F Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-2299 HIGH This Week

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Puppetlabs Apache
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-14484 HIGH PATCH This Week

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Sci Mathematics Gimps
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2017-10813 MEDIUM This Month

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wlr 300 Nm Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2017-10814 MEDIUM This Month

Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Wlr 300 Nm Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-0110 MEDIUM This Month

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-4925 MEDIUM This Month

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service VMware ESXi Workstation +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14340 MEDIUM PATCH This Month

The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-14483 MEDIUM This Month

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure Dev Python Flower
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-4926 MEDIUM PATCH This Month

VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS VMware Vcenter Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-10856 LOW Monitor

SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure B1 Firmware Bpv 4 Firmware X1 Firmware X2 Firmware +1
NVD
CVSS 3.0
3.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy