Skip to main content
CVE-2013-6924 CRITICAL POC THREAT Emergency

Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.4%.

PHP Command Injection Blackarmor Nas 220 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
48.4%
Threat
4.9
CVE-2017-5791 CRITICAL Emergency

The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 64.3% and no vendor patch available.

Authentication Bypass Intelligent Management Center Plat
NVD
CVSS 3.0
9.8
EPSS
64.3%
CVE-2017-5789 CRITICAL Emergency

HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.9% and no vendor patch available.

Buffer Overflow RCE Loadrunner Performance Center
NVD
CVSS 3.0
9.8
EPSS
33.9%
CVE-2017-15220 CRITICAL POC THREAT Emergency

Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Buffer Overflow RCE Vx Search
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.4%
CVE-2017-15235 HIGH POC THREAT Act Now

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.7%.

Authentication Bypass Groupware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.7%
CVE-2017-2888 HIGH POC This Week

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Simple Directmedia Layer Ubuntu Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2017-15236 HIGH POC This Week

Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tiandy Ip Camera Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
4.4%
CVE-2017-15267 HIGH POC This Week

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libextractor
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-0903 CRITICAL PATCH Act Now

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Rubygems Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.0
9.8
EPSS
5.5%
CVE-2017-15232 MEDIUM POC PATCH This Month

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libjpeg Turbo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-15194 MEDIUM POC PATCH This Month

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14003 CRITICAL Act Now

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ether Serial Link Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-15266 MEDIUM POC PATCH This Month

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libextractor
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7352 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System >. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Purity
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2017-2887 HIGH This Week

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Sdl Image Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2017-15238 HIGH PATCH This Week

ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-15188 MEDIUM POC This Month

A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-5700 HIGH PATCH This Week

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Intel Authentication Bypass Nuc7I7Bnh Firmware Nuc7I5Bnh Firmware Nuc7I5Bnk Firmware +2
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2017-5721 HIGH PATCH This Week

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via. Rated high severity (CVSS 7.5).

RCE Intel Nuc7I7Bnh Firmware Nuc7I5Bnh Firmware Nuc7I5Bnk Firmware +2
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2017-15257 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15253 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15252 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15251 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15249 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15248 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15246 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15242 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15262 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15260 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15259 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15258 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15256 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15255 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15254 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15250 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15247 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15245 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15244 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15243 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15241 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15240 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Pdf
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15239 HIGH This Week

IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15264 HIGH This Week

IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15263 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15261 HIGH This Week

IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pdf Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12188 HIGH PATCH This Week

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest. Rated high severity (CVSS 7.8).

Denial Of Service Linux Buffer Overflow RCE Stack Overflow +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-8025 HIGH This Week

RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

File Upload Archer Grc Platform
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2017-5722 HIGH PATCH This Week

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass. Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Intel Privilege Escalation Nuc7I7Bnh Firmware Nuc7I5Bnh Firmware Nuc7I5Bnk Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.0%
CVE-2017-5701 HIGH PATCH This Week

Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

RCE Intel Nuc7I7Bnh Firmware Nuc7I5Bnh Firmware Nuc7I5Bnk Firmware +2
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-13722 HIGH PATCH This Week

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libxfont
NVD
CVSS 3.0
7.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy