Skip to main content
CVE-2017-2894 CRITICAL POC Act Now

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Mongoose
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2017-2891 CRITICAL POC Act Now

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free RCE Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2017-2922 CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Use After Free RCE Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2017-2921 CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2017-16561 CRITICAL POC Act Now

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ingenious School Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-2866 HIGH POC This Week

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Circle With Disney Firmware
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2017-2917 HIGH POC This Week

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Circle With Disney Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2017-12085 CRITICAL POC Act Now

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.0
9.0
EPSS
1.5%
CVE-2017-16642 HIGH POC PATCH This Week

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Debian Linux Ubuntu Linux +2
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
8.3%
CVE-2017-2916 HIGH POC This Week

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-2881 HIGH POC This Week

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-2893 HIGH POC This Week

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mongoose
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2017-2882 HIGH POC This Week

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Circle With Disney Firmware
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2017-2883 HIGH POC This Week

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Circle With Disney Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2017-2914 HIGH POC This Week

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Circle With Disney Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2017-12084 HIGH POC This Week

A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Circle With Disney Firmware
NVD
CVSS 3.0
8.0
EPSS
0.4%
CVE-2017-2915 HIGH POC This Week

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2017-2898 HIGH POC This Week

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Race Condition Circle With Disney Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-2889 HIGH POC This Week

An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Circle With Disney Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-2884 HIGH POC This Week

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Circle With Disney Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-12094 HIGH POC This Week

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Circle With Disney Firmware
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2017-16641 HIGH POC This Week

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Cacti
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2017-12096 MEDIUM POC This Month

An exploitable vulnerability exists in the WiFi management of Circle with Disney. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Circle With Disney Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-2892 CRITICAL Act Now

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Information Disclosure Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2017-2890 HIGH This Week

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Circle With Disney Firmware
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2017-2913 MEDIUM POC This Month

An exploitable vulnerability exists in the filtering functionality of Circle with Disney. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2017-2911 MEDIUM POC This Month

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2017-2912 MEDIUM POC This Month

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-2864 CRITICAL Act Now

An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Circle With Disney Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-15887 CRITICAL Act Now

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Information Disclosure Carddav Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12083 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.0
5.8
EPSS
0.3%
CVE-2016-0872 CRITICAL Act Now

A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webdatorcentral
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-2895 HIGH This Week

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mongoose
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2017-2909 HIGH This Week

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mongoose
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-2865 HIGH This Week

An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2017-16644 MEDIUM This Month

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16647 MEDIUM This Month

drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16646 MEDIUM This Month

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16649 MEDIUM This Month

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16650 MEDIUM This Month

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16648 MEDIUM This Month

The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16645 MEDIUM This Month

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.6
EPSS
0.0%
CVE-2017-16643 MEDIUM PATCH This Month

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.6
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy