Skip to main content
CVE-2017-16930 CRITICAL POC THREAT Emergency

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Claymore Dual Miner
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
Threat
5.1
CVE-2017-16929 HIGH POC THREAT Act Now

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.1%.

Path Traversal Claymore Dual Miner
NVD GitHub Exploit-DB
CVSS 3.0
8.1
EPSS
27.1%
CVE-2016-1253 CRITICAL PATCH Act Now

The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5%.

Debian Command Injection Most
NVD
CVSS 3.0
9.8
EPSS
13.5%
CVE-2017-17426 HIGH POC This Week

The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Glibc
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-8824 HIGH POC This Week

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2017-14355 HIGH POC This Week

A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Connected Backup
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14904 HIGH POC PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Use After Free Google Information Disclosure Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1252 MEDIUM POC This Month

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ubuntu Debian Authentication Bypass Advanced Package Tool Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
6.0%
CVE-2017-17431 MEDIUM POC This Month

GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Genixcms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15813 CRITICAL PATCH Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-9709 CRITICAL PATCH Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Linux Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14918 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-11006 CRITICAL PATCH Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-11005 CRITICAL PATCH Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-6211 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-14917 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-14916 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-14914 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-14909 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-14908 CRITICAL Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-14907 CRITICAL PATCH Act Now

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-17051 HIGH PATCH This Week

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nova
NVD
CVSS 3.0
8.6
EPSS
0.8%
CVE-2017-16857 HIGH This Week

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Authentication Bypass Bitbucket Auto Unapprove Plugin
NVD
CVSS 3.0
8.5
EPSS
0.3%
CVE-2016-1254 HIGH PATCH This Week

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tor Debian Linux Fedora +2
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-11043 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1255 HIGH PATCH This Week

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Ubuntu Debian PostgreSQL Information Disclosure Postgresql Common
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-15868 HIGH PATCH This Week

The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-11033 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11007 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9722 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9710 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9716 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14897 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9700 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64 characters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9698 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14901 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14900 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14899 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14898 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14896 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11047 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11030 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11019 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11016 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11042 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Google Mozilla Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14895 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17066 HIGH This Week

The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Kovri I2Pd
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-11031 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9703 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0).

Denial Of Service Linux Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-11045 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Linux Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy