Skip to main content
CVE-2017-16926 CRITICAL POC Act Now

Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ohcount
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2017-15099 MEDIUM This Month

INSERT ... Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.1% and no vendor patch available.

PostgreSQL Information Disclosure Debian Linux
NVD
CVSS 3.0
6.5
EPSS
27.1%
CVE-2017-2738 CRITICAL Act Now

VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Vcm5010 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-8861 CRITICAL Act Now

Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3960Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-13071 CRITICAL Act Now

QNAP has already patched this vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-8864 CRITICAL Act Now

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE 3960Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8862 CRITICAL Act Now

The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload 3960Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-8122 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-8129 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8128 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8126 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8124 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8123 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8120 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8119 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8117 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8133 HIGH This Week

Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Command Injection Neteco
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-8135 HIGH This Week

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-2722 HIGH This Week

DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Dp300 Firmware Te60 Firmware Tp3106 Firmware +5
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-2719 HIGH This Week

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-2718 HIGH This Week

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-8194 HIGH This Week

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-8195 HIGH This Week

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-8134 HIGH This Week

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-8132 HIGH This Week

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-8131 HIGH This Week

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-2737 HIGH This Week

VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vcm5010 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8138 HIGH This Week

HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hedex Lite
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-2726 HIGH This Week

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google P10 Firmware P10 Plus Firmware
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2724 HIGH This Week

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google P10 Firmware P10 Plus Firmware
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-8155 HIGH This Week

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass B2338 168 Firmware
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2017-15098 HIGH This Week

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2017-8193 HIGH This Week

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fusionsphere Openstack
NVD
CVSS 3.0
8.0
EPSS
0.4%
CVE-2017-2714 HIGH This Week

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Fusionsphere Openstack
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-16879 HIGH This Week

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Ncurses
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-8203 HIGH This Week

The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Memory Corruption Huawei +2
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2693 HIGH This Week

ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal P8 Lite Firmware Mate 7 Firmware Mate S Firmware P8 Firmware +4
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8159 HIGH This Week

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Agassi L09Hn Firmware Agassi W09Hn Firmware +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8160 HIGH This Week

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Memory Corruption Huawei +5
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8142 HIGH This Week

The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free RCE Mate 9 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2692 HIGH This Week

The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection P8 Lite Firmware Mate 7 Firmware Mate S Firmware P8 Firmware +4
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8212 HIGH This Week

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei Honor 5C Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8211 HIGH This Week

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei Honor 5C Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8210 HIGH This Week

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei Honor 5C Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8209 HIGH This Week

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei Honor 5C Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8208 HIGH This Week

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei Honor 5C Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8207 HIGH This Week

The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei Honor 5C Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8170 HIGH This Week

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Vie L09 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8169 HIGH This Week

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Vie L09 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8204 HIGH This Week

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Honor 9 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy