Skip to main content
CVE-2014-9147 HIGH POC THREAT Act Now

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Fiyo Cms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.9%
CVE-2017-15221 HIGH POC This Week

ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Asx To Mp3 Converter
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
7.0%
CVE-2017-15303 HIGH Act Now

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver...

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2016-4461 HIGH PATCH This Week

{}" sequence in a tag attribute, aka forced double OGNL evaluation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Struts Oncommand Balance
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2015-7504 HIGH PATCH This Week

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service RCE Qemu +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-15296 HIGH This Week

The Java component in SAP CRM has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Java Customer Relationship Management
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15297 HIGH This Week

SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2017-15385 HIGH PATCH This Week

The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15368 HIGH PATCH This Week

The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-15369 HIGH This Week

The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Mupdf
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15383 HIGH This Week

Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nero
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-15302 HIGH This Week

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cpu Z
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0316 HIGH This Week

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2014-7851 HIGH This Week

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Ovirt Ovirt Engine
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-9368 HIGH This Week

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Workspaces Vapp Workspaces Appliance X
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-15265 HIGH PATCH This Week

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy