Skip to main content
CVE-2015-1187 CRITICAL POC KEV THREAT Emergency

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

D-Link Authentication Bypass RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
81.2%
Threat
7.4
CVE-2017-12930 CRITICAL POC Act Now

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dlx Spot Player4
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-14652 CRITICAL POC Act Now

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tapatalk
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-14631 CRITICAL POC Act Now

In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14628 CRITICAL POC Act Now

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14630 CRITICAL POC Act Now

In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-7544 CRITICAL POC Act Now

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libexif
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-14632 CRITICAL Act Now

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Libvorbis Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2017-14648 CRITICAL Act Now

A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Bladeenc
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2017-12928 CRITICAL Act Now

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dlx Spot Player4
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-14625 CRITICAL PATCH Act Now

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14624 CRITICAL PATCH Act Now

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14626 CRITICAL PATCH Act Now

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-9283 CRITICAL Act Now

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Visibroker
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9282 CRITICAL Act Now

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Visibroker
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12170 CRITICAL Act Now

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pure Ftpd Fedora
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-5284 CRITICAL PATCH Act Now

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Freeipa
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy