Skip to main content
CVE-2017-14706 CRITICAL POC THREAT Emergency

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.4%.

Microsoft Authentication Bypass PHP I Suite Web Application Firewall
NVD GitHub
CVSS 3.0
9.8
EPSS
72.4%
Threat
5.6
CVE-2017-14078 CRITICAL PATCH Act Now

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 66.3%.

Trend Micro RCE SQLi Mobile Security
NVD
CVSS 3.0
9.8
EPSS
66.3%
Threat
4.0
CVE-2017-11395 HIGH POC PATCH This Week

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection Smart Protection Server
NVD
CVSS 3.0
8.8
EPSS
8.5%
CVE-2017-14637 CRITICAL POC Act Now

In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14705 HIGH POC This Week

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Microsoft Command Injection I Suite Web Application Firewall
NVD GitHub
CVSS 3.0
8.1
EPSS
4.4%
CVE-2017-14686 HIGH POC This Week

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Mupdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14687 HIGH POC This Week

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Mupdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14685 HIGH POC This Week

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Mupdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14081 HIGH PATCH Act Now

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

RCE Trend Micro Command Injection Mobile Security
NVD
CVSS 3.0
8.8
EPSS
13.3%
CVE-2017-14079 HIGH PATCH Act Now

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.2%.

RCE Trend Micro File Upload Mobile Security
NVD
CVSS 3.0
8.8
EPSS
13.2%
CVE-2017-14684 MEDIUM POC This Month

In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-14653 MEDIUM POC This Month

member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aspcms
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-14080 CRITICAL PATCH Act Now

Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-9393 CRITICAL Act Now

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager Identity Manager Virtual Appliance
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14636 CRITICAL Act Now

Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14717 MEDIUM POC This Month

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epesi
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-14712 MEDIUM POC This Month

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epesi
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-14716 MEDIUM POC This Month

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epesi
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14715 MEDIUM POC This Month

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epesi
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14714 MEDIUM POC This Month

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epesi
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14713 MEDIUM POC This Month

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epesi
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-8007 HIGH This Week

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Emc M R Emc Storage Monitoring And Reporting Emc Vipr Srm Emc Vnx Monitoring And Reporting
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2017-3770 HIGH This Week

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-6277 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6272 HIGH This Week

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14694 HIGH This Week

Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Foxit Reader
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14692 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14690 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14693 HIGH This Week

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14691 HIGH This Week

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14689 HIGH This Week

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14688 HIGH This Week

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6268 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6269 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8012 HIGH This Week

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Java Emc M R Emc Storage Monitoring And Reporting Emc Vipr Srm +1
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2017-11396 HIGH PATCH This Week

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2017-3763 MEDIUM This Month

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-6271 MEDIUM This Month

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6270 MEDIUM This Month

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6267 MEDIUM This Month

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-6266 MEDIUM This Month

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy