Skip to main content
CVE-2017-11281 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow RCE Adobe Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
60.9%
Threat
5.3
CVE-2017-11282 CRITICAL POC THREAT Emergency

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Buffer Overflow RCE Adobe Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.7%
Threat
4.1
CVE-2017-16953 HIGH POC THREAT Act Now

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Zte Authentication Bypass Zxdsl 831Cii Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
18.1%
CVE-2017-11284 CRITICAL PATCH Act Now

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9%.

Deserialization Adobe Coldfusion
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2017-11283 CRITICAL PATCH Act Now

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9%.

Deserialization Adobe Coldfusion
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2017-13664 CRITICAL POC Act Now

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cubeone Firmware
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-17085 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
6.6%
CVE-2017-16612 HIGH POC PATCH This Week

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Debian Linux Ubuntu Linux Libxcursor
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2017-16895 HIGH POC This Week

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arq
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-15357 HIGH POC This Week

The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Arq
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
0.6%
CVE-2017-13663 HIGH POC This Week

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cubeone Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-10903 CRITICAL Act Now

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ptw Wms1 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2017-15702 CRITICAL PATCH Act Now

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Qpid Broker J
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2017-10861 CRITICAL Act Now

Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qnd Advance Standard
NVD
CVSS 3.0
9.1
EPSS
6.5%
CVE-2017-10902 CRITICAL Act Now

PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ptw Wms1 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-17086 CRITICAL Act Now

Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Otter
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-15607 CRITICAL Act Now

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Otter
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-10900 CRITICAL Act Now

PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ptw Wms1 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-10899 CRITICAL Act Now

SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi A Reserve
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-10898 CRITICAL Act Now

SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi A Member
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14487 CRITICAL Act Now

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Ohmibod Remote
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2017-15701 HIGH PATCH This Week

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Apache Qpid Broker J
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2017-10892 HIGH This Week

Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Music Center
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10891 HIGH This Week

Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Media Go
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11286 HIGH PATCH This Week

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Adobe Coldfusion
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-17084 HIGH This Week

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-17083 HIGH This Week

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-10901 HIGH This Week

Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ptw Wms1 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-10874 HIGH This Week

PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pwr Q200 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-10895 HIGH This Week

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sdnsproxy
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-10894 HIGH This Week

StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Streamrelay
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-14486 HIGH This Week

The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Chat +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-16893 MEDIUM This Month

The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-14953 MEDIUM This Month

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hikvision Ds 2Cd2432F Iw Firmware
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-15707 MEDIUM PATCH This Month

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Struts Oncommand Balance Agile Plm Framework +9
NVD
CVSS 3.0
6.2
EPSS
1.5%
CVE-2017-6679 MEDIUM This Month

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in. Rated medium severity (CVSS 6.4). No vendor patch available.

Cisco Information Disclosure Umbrella
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2017-3104 MEDIUM This Month

Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Robohelp
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-11285 MEDIUM PATCH This Month

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2017-3105 MEDIUM This Month

Adobe RoboHelp has an Open Redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Adobe Robohelp
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-17087 MEDIUM PATCH This Month

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Vim Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-16611 MEDIUM PATCH This Month

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux Libxfont
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy