Skip to main content
CVE-2017-15361 MEDIUM PATCH This Month

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 -. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 73.4%.

Google Information Disclosure Trusted Platform Firmware Rsa Library Chrome
NVD GitHub
CVSS 3.0
5.9
EPSS
73.4%
CVE-2015-2780 CRITICAL POC PATCH THREAT Act Now

Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.9%.

RCE File Upload Berta Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.9%
Threat
4.4
CVE-2014-9148 CRITICAL POC THREAT Emergency

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.2%.

Authentication Bypass Fiyo Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.2%
Threat
4.2
CVE-2015-7687 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Denial Of Service Memory Corruption Use After Free RCE Opensmtpd +1
NVD
CVSS 3.0
9.8
EPSS
10.1%
CVE-2014-9147 HIGH POC THREAT Act Now

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Fiyo Cms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.9%
CVE-2017-15376 CRITICAL POC Act Now

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mobaxterm
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2014-8621 CRITICAL POC Act Now

SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Store Locator
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15373 CRITICAL POC Act Now

E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Sic
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-15221 HIGH POC This Week

ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Asx To Mp3 Converter
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
7.0%
CVE-2015-4650 CRITICAL Act Now

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2017-15374 MEDIUM POC This Month

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shopware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2017-14952 CRITICAL PATCH Act Now

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2014-8087 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Post Highlights
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15384 MEDIUM POC This Month

rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rate Me
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15375 MEDIUM POC This Month

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpjobboard
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15293 CRITICAL Act Now

Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Point Of Sale Xpress Server
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15295 CRITICAL Act Now

Xpress Server in SAP POS does not require authentication for read/write/delete file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Point Of Sale Xpress Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-15303 HIGH Act Now

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver...

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-9367 CRITICAL Act Now

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Workspaces Vapp Workspaces Appliance X
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-15372 MEDIUM POC This Month

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-15370 MEDIUM POC This Month

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15371 MEDIUM POC This Month

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-0208 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2014-3702 CRITICAL Act Now

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Edeploy
NVD GitHub
CVSS 3.0
9.1
EPSS
1.1%
CVE-2016-4461 HIGH PATCH This Week

{}" sequence in a tag attribute, aka forced double OGNL evaluation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Struts Oncommand Balance
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2016-8734 MEDIUM This Month

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.9% and no vendor patch available.

Denial Of Service Apache Subversion Debian Linux
NVD
CVSS 3.0
6.5
EPSS
12.9%
CVE-2015-7504 HIGH PATCH This Week

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service RCE Qemu +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-15296 HIGH This Week

The Java component in SAP CRM has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Java Customer Relationship Management
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15297 HIGH This Week

SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2017-15385 HIGH PATCH This Week

The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15368 HIGH PATCH This Week

The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-15369 HIGH This Week

The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Mupdf
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15383 HIGH This Week

Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nero
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-15302 HIGH This Week

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cpu Z
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0316 HIGH This Week

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2014-7851 HIGH This Week

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Ovirt Ovirt Engine
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-9368 HIGH This Week

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Workspaces Vapp Workspaces Appliance X
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-15265 HIGH PATCH This Week

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-15362 MEDIUM This Month

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE CSRF PHP Osticket
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15294 MEDIUM This Month

The Java administration console in SAP CRM has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Java Customer Relationship Management
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-0029 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Subscription Asset Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-3229 MEDIUM PATCH This Month

fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Spin Kickstarts
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2017-15289 MEDIUM PATCH This Month

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Qemu
NVD
CVSS 3.1
6.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy