Skip to main content
CVE-2017-8020 CRITICAL Act Now

An issue was discovered in EMC ScaleIO 2.0.1.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Scaleio
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2017-17043 MEDIUM POC This Month

The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Emag Marketplace Connector
NVD
CVSS 3.0
6.1
EPSS
4.0%
CVE-2017-9315 CRITICAL Act Now

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dahua Ipc Hfw1Xxx Firmware Ipc Hdw1Xxx Firmware Ipc Hdbw1Xxx Firmware +22
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-16951 MEDIUM POC This Month

Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Winamp Pro
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.5%
CVE-2017-16952 MEDIUM POC This Month

KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kmplayer
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.3%
CVE-2016-10701 HIGH This Week

In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pentaho Business Analytics
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17045 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-8001 HIGH This Week

An issue was discovered in EMC ScaleIO 2.0.1.x. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emc Scaleio
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2017-8019 HIGH This Week

An issue was discovered in EMC ScaleIO 2.0.1.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scaleio
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2017-17042 HIGH PATCH This Week

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Yard
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-15673 HIGH This Week

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Cs Cart
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-14389 MEDIUM This Month

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment Cf Release
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-17046 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-17044 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-10702 MEDIUM This Month

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pebble Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14379 MEDIUM This Month

EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy