Skip to main content
CVE-2017-14734 HIGH POC This Week

The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2015-7293 HIGH POC PATCH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Plone Zope Management Interface
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14683 HIGH POC PATCH This Week

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Geminabox
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2015-4669 HIGH POC This Week

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xsuite
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-5237 HIGH PATCH GHSA This Week

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Protobuf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2015-5182 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Amq
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2015-5263 HIGH PATCH This Week

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-14729 HIGH PATCH This Week

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-5704 HIGH PATCH This Week

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Devscripts Fedora
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14730 HIGH This Week

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1362 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-7318 HIGH PATCH This Week

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Plone
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-5183 HIGH This Week

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Amq Jboss A Mq Jboss Enterprise Web Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2015-5184 HIGH This Week

Console: CORS headers set to allow all in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Amq Jboss Enterprise Web Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-5868 HIGH PATCH This Week

drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy