Skip to main content
CVE-2014-9118 HIGH POC THREAT Act Now

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%.

Command Injection Znid 2426A Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.3%
Threat
4.8
CVE-2014-8357 HIGH POC THREAT Act Now

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Authentication Bypass Znid 2426A Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
18.3%
CVE-2017-15565 HIGH POC This Week

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-13082 HIGH POC This Week

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2014-2664 HIGH This Week

Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload X2Crm
NVD
CVSS 3.0
8.8
EPSS
6.9%
CVE-2014-8324 HIGH PATCH This Week

network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aircrack Ng
NVD GitHub
CVSS 3.0
7.5
EPSS
7.9%
CVE-2014-8323 HIGH PATCH This Week

buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aircrack Ng
NVD GitHub
CVSS 3.0
7.5
EPSS
7.9%
CVE-2014-9489 HIGH PATCH This Week

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Gollum Gollum Lib Grit Adapter
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-14005 HIGH This Week

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Multiflex M10A Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-14011 HIGH This Week

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multiflex M10A Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-9625 HIGH This Week

An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envidas Ultimate
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2017-3759 HIGH PATCH This Week

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-3760 HIGH PATCH This Week

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-5531 HIGH This Week

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2017-6273 HIGH This Week

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Adsp Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9697 HIGH This Week

Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9560 Firmware Usg9520 Firmware Usg9580 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-2277 HIGH This Week

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Perltidy
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy