Skip to main content
CVE-2015-1187 CRITICAL POC KEV THREAT Emergency

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

D-Link Authentication Bypass RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
81.2%
Threat
7.4
CVE-2017-12930 CRITICAL POC Act Now

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dlx Spot Player4
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-14652 CRITICAL POC Act Now

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tapatalk
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-14631 CRITICAL POC Act Now

In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14628 CRITICAL POC Act Now

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14630 CRITICAL POC Act Now

In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12929 HIGH POC This Week

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dlx Spot Player4
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.9%
CVE-2017-14680 HIGH POC THREAT Act Now

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Zktime Web
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.1%
CVE-2017-7544 CRITICAL POC Act Now

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libexif
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-14639 HIGH POC PATCH This Week

AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-14644 HIGH POC This Week

A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Bento4
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-14682 HIGH POC This Week

GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-14650 HIGH POC PATCH This Week

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Horde Image Api
NVD GitHub
CVSS 3.0
8.1
EPSS
3.0%
CVE-2017-14646 HIGH POC PATCH This Week

The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-14629 HIGH POC This Week

In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Sam2P
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14632 CRITICAL Act Now

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Libvorbis Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2017-14638 MEDIUM POC PATCH This Month

AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-14641 MEDIUM POC PATCH This Month

A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-14643 MEDIUM POC PATCH This Month

The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-14640 MEDIUM POC PATCH This Month

A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-14642 MEDIUM POC PATCH This Month

A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-14648 CRITICAL Act Now

A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Bladeenc
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2017-12928 CRITICAL Act Now

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dlx Spot Player4
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-14625 CRITICAL PATCH Act Now

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14624 CRITICAL PATCH Act Now

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14626 CRITICAL PATCH Act Now

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-9283 CRITICAL Act Now

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Visibroker
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9282 CRITICAL Act Now

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Visibroker
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12170 CRITICAL Act Now

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pure Ftpd Fedora
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-5284 CRITICAL PATCH Act Now

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Freeipa
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-14651 MEDIUM POC PATCH This Month

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Api Manager App Manager Application Server Business Process Server +13
NVD GitHub
CVSS 3.1
4.8
EPSS
3.7%
CVE-2017-14321 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpdesk Mx
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-14160 HIGH This Week

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libvorbis Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2017-14647 HIGH This Week

A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Bento4
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-12214 HIGH This Week

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Customer Voice Portal
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-14635 HIGH This Week

In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Otrs
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-12253 HIGH This Week

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Intelligence Center
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2015-0276 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Kallithea
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14246 HIGH This Week

An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-14245 HIGH This Week

An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-14320 HIGH This Week

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Helpdesk Mx
NVD
CVSS 3.0
8.0
EPSS
0.8%
CVE-2017-9725 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-11041 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10998 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-3887 HIGH PATCH This Week

Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Proxychains Ng
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11000 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10999 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10997 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12252 HIGH This Week

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Findit Network Discovery Utility
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8277 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google Qualcomm Information Disclosure +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy