Skip to main content
CVE-2017-14702 CRITICAL POC THREAT Emergency

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Deserialization RCE Ers Data System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
12.4%
CVE-2017-14738 CRITICAL POC PATCH Act Now

FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Filerun
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.3%
CVE-2017-14942 CRITICAL POC Act Now

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Wrn 150 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-13983 CRITICAL Act Now

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.9% and no vendor patch available.

Authentication Bypass Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
9.8
EPSS
14.9%
CVE-2017-14947 HIGH POC This Week

Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Gsview
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14946 HIGH POC This Week

Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Gsview
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14945 HIGH POC This Week

Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Gsview
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14620 MEDIUM POC This Month

SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smarterstats
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-14351 CRITICAL Act Now

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Ucmdb Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2017-14939 MEDIUM POC PATCH This Month

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.0%
CVE-2017-14350 CRITICAL Act Now

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Application Performance Management
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-14349 CRITICAL Act Now

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Sitescope
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-10512 CRITICAL Act Now

MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Faxfinder
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-13982 HIGH This Week

A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-9233 HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF PHP Cp Contact Form With Paypal
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-13989 HIGH This Week

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-14924 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14925 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2016-4434 HIGH PATCH This Week

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

XXE Apache Tika
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-13684 HIGH This Week

Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mcp Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14935 HIGH PATCH This Week

Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti Information Disclosure Pulse One On Premise
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14944 HIGH This Week

Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Proget
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-14929 HIGH This Week

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Poppler
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-9234 HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Cp Contact Form With Paypal
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2017-13984 MEDIUM This Month

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2017-13985 MEDIUM This Month

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-13987 MEDIUM This Month

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13988 MEDIUM This Month

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-14920 MEDIUM PATCH This Month

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Egroupware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2017-14352 MEDIUM This Month

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Configuration Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-13986 MEDIUM This Month

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14582 MEDIUM This Month

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Zoho Site24X7 Mobile Network Poller
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-14938 MEDIUM PATCH This Month

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-14933 MEDIUM PATCH This Month

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-14940 MEDIUM PATCH This Month

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14932 MEDIUM PATCH This Month

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14930 MEDIUM PATCH This Month

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14934 MEDIUM PATCH This Month

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14931 MEDIUM This Month

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Openexif
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14928 MEDIUM This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14926 MEDIUM This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14927 MEDIUM This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Poppler
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14923 MEDIUM PATCH This Month

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tine 2 0
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14922 MEDIUM PATCH This Month

Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tine 2 0
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14921 MEDIUM PATCH This Month

Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tine 2 0
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-13991 MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-13990 MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-9794 MEDIUM PATCH This Month

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Geode
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy