Skip to main content
CVE-2014-0997 HIGH POC THREAT Act Now

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%.

Denial Of Service Google Samsung Android
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.3%
CVE-2017-14704 HIGH POC This Week

Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Airbnb Clone
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-14743 HIGH POC This Week

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Fsc 880 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-13129 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zktime Web
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14749 HIGH POC This Week

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Jerryscript
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-14001 HIGH This Week

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Asterisk Gui
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2017-5200 HIGH PATCH This Week

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2014-8170 HIGH This Week

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ovirt Node
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-1539 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-5192 HIGH PATCH This Week

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-7969 HIGH PATCH This Week

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Schneider Electric Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1527 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-14745 HIGH PATCH This Week

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9961 HIGH This Week

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric Pro Face Gp Pro Ex
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-8156 HIGH This Week

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Debian Ubuntu Privilege Escalation +4
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9958 HIGH This Week

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14739 HIGH PATCH This Week

The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9962 HIGH This Week

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Clearscada
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-9956 HIGH This Week

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-14602 HIGH PATCH This Week

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Citrix Authentication Bypass Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-12154 HIGH PATCH This Week

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy