Skip to main content
CVE-2017-16844 CRITICAL Act Now

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.2% and no vendor patch available.

Buffer Overflow RCE Denial Of Service Procmail
NVD
CVSS 3.0
9.8
EPSS
20.2%
CVE-2017-14034 HIGH POC This Week

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-13136 HIGH POC This Week

The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-12337 CRITICAL Act Now

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

Cisco Authentication Bypass Emergency Responder Finesse Hosted Collaboration Solution +8
NVD
CVSS 3.0
9.8
EPSS
13.2%
CVE-2017-16851 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16850 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16849 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16847 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16846 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-13135 HIGH POC This Week

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16777 HIGH POC This Week

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp VMware Privilege Escalation Vagrant
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-16848 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2017-16841 MEDIUM POC This Month

LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-16836 MEDIUM POC This Month

Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Arris Tg1682G Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-0909 CRITICAL PATCH Act Now

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Private Address Check
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-0847 CRITICAL PATCH Act Now

An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-16843 MEDIUM POC This Month

Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vdv 23 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-8807 CRITICAL PATCH Act Now

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Varnish Varnish Cache Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2017-5738 CRITICAL PATCH Act Now

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Intel Privilege Escalation Information Disclosure Unite
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-0854 CRITICAL PATCH Act Now

An information disclosure vulnerability in the Android media framework (n/a). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
9.1
EPSS
0.1%
CVE-2017-0853 CRITICAL PATCH Act Now

An information disclosure vulnerability in the Android media framework (n/a). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
9.1
EPSS
0.1%
CVE-2017-15864 HIGH This Week

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-16842 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wordpress Seo
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-15516 HIGH PATCH This Week

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Snapcenter Server
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-16715 HIGH This Week

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2017-16853 HIGH This Week

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Opensaml Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-12350 HIGH This Week

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Umbrella Insights Virtual Appliance
NVD VulDB
CVSS 3.0
8.2
EPSS
0.0%
CVE-2017-16852 HIGH This Week

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Service Provider Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-0832 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-4931 HIGH PATCH This Week

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

VMware Information Disclosure Airwatch
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0836 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libhevc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0835 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0834 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0833 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libavc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0841 HIGH PATCH This Week

A remote code execution vulnerability in the Android system (libutils). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-4932 HIGH PATCH This Week

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google VMware Privilege Escalation Airwatch Launcher
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-16837 HIGH PATCH This Week

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Trusted Boot
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0861 HIGH PATCH This Week

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Use After Free Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0830 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android framework (device policy client). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11013 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12314 HIGH This Week

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Findit Network Discovery Utility
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11014 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1087 HIGH This Week

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Privilege Escalation Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0866 HIGH This Week

An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Nvidia Google Tegra X1 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11092 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11015 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16834 HIGH PATCH This Week

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Pnp4Nagios
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0831 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android framework (window manager). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11026 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Linux Google Mozilla Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11091 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google Information Disclosure Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy