Skip to main content
CVE-2017-14243 CRITICAL POC THREAT Emergency

An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.3%.

Authentication Bypass Wa3002G4 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
60.3%
Threat
5.3
CVE-2017-14244 CRITICAL POC THREAT Emergency

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Authentication Bypass Ib Wra150N Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
50.8%
Threat
5.0
CVE-2017-14512 CRITICAL POC Act Now

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14509 HIGH POC This Week

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sugarcrm
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-14508 HIGH POC This Week

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sugarcrm
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-14518 HIGH POC This Week

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-14520 HIGH POC This Week

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14519 HIGH POC This Week

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Poppler
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-14510 MEDIUM POC This Month

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sugarcrm
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14517 MEDIUM POC This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14513 MEDIUM POC This Month

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Metinfo
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-14500 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Newsbeuter
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-14502 HIGH This Week

read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libarchive
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-14515 HIGH This Week

Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-14511 HIGH This Week

An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP E Recruiting
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-14514 HIGH This Week

Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tenda W15e Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-14504 MEDIUM PATCH This Month

ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-14501 MEDIUM This Month

An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libarchive
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-14503 MEDIUM This Month

libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libarchive
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-14505 MEDIUM PATCH This Month

DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy