Skip to main content
CVE-2015-2856 HIGH POC THREAT Act Now

Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.2%.

Path Traversal File Transfer Appliance
NVD
CVSS 3.0
7.5
EPSS
71.2%
Threat
5.1
CVE-2017-5637 HIGH POC PATCH THREAT Act Now

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.4%.

Authentication Bypass Apache Zookeeper Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.4%
CVE-2017-13723 HIGH This Week

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow X Server Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11053 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-5675 HIGH This Week

The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9687 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9686 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11048 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11059 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11050 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9714 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9706 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11067 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11057 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11056 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11046 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Memory Corruption Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9683 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Integer Overflow Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-15191 HIGH PATCH This Week

In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-7384 HIGH This Week

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-14603 HIGH This Week

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Asterisk Certified Asterisk
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-15193 HIGH PATCH This Week

In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-15192 HIGH PATCH This Week

In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-15190 HIGH PATCH This Week

In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-15189 HIGH PATCH This Week

In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14943 HIGH This Week

Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Transitmaster
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7503 HIGH PATCH This Week

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zend Framework
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-2988 HIGH This Week

Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Rakuten Card
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2017-9717 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9715 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11064 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11062 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11061 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11060 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11055 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11054 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11052 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11051 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-5639 HIGH This Week

niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Niconico
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2015-8239 HIGH PATCH This Week

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Sudo
NVD
CVSS 3.0
7.0
EPSS
0.9%
CVE-2015-7842 HIGH This Week

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Rh2288 V3 Firmware Rh2288H V3 Firmware Xh628 V3 Firmware +7
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2017-9697 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Google Race Condition Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy