Skip to main content
CVE-2017-16524 HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.7%.

Samsung PHP File Upload Web Viewer
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
74.7%
Threat
5.5
CVE-2017-16570 HIGH POC PATCH This Week

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Keystone
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-16565 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-16563 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-16001 HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware Privilege Escalation Vagrant
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6331 HIGH POC This Week

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.8%
CVE-2017-15672 HIGH This Week

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-16547 HIGH PATCH This Week

The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-12719 HIGH This Week

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-14029 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vtscada
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13681 HIGH This Week

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7529 HIGH PATCH This Week

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Sos Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14031 HIGH This Week

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vtscada
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7425 HIGH This Week

Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Imanager
NVD
CVSS 3.0
7.6
EPSS
0.5%
CVE-2017-11177 HIGH This Week

TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Triton Ap Email
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy