Skip to main content
CVE-2015-3934 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-16923 HIGH POC This Week

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac9 Firmware Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-16613 CRITICAL PATCH Act Now

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Swauth Swift Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-16840 CRITICAL PATCH Act Now

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2017-5719 CRITICAL Act Now

A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Deep Learning Training Tool
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-16920 CRITICAL PATCH Act Now

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Finecms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-7550 CRITICAL PATCH Act Now

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ansible Enterprise Linux Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2017-16664 HIGH PATCH This Week

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Code Injection Otrs Debian Linux
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-15044 HIGH This Week

The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fulltext Server
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-5711 HIGH This Week

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Intel Manageability Engine Firmware Active Management Technology Firmware +196
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-5705 HIGH This Week

Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Intel Manageability Engine Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5707 HIGH This Week

Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Intel Trusted Execution Engine Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5706 HIGH PATCH This Week

Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Intel Server Platform Services Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5708 HIGH This Week

Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Manageability Engine Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5709 HIGH PATCH This Week

Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Authentication Bypass Server Platform Services Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5710 HIGH This Week

Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Trusted Execution Engine Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5712 HIGH This Week

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Intel Manageability Engine Firmware Active Management Technology Firmware +196
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2017-5729 HIGH This Week

Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Intel Information Disclosure Dual Band Wireless Ac 3160 Dual Band Wireless Ac 7260 Dual Band Wireless N 7260 +13
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2017-16919 MEDIUM This Month

MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mapos
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy