Skip to main content
CVE-2017-15944 CRITICAL POC KEV THREAT Emergency

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Paloalto RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.0%
Threat
7.8
CVE-2017-17111 CRITICAL POC THREAT Emergency

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

SQLi PHP Posty Readymade Classifieds
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.7%
Threat
4.0
CVE-2017-17110 CRITICAL POC THREAT Emergency

Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

SQLi PHP Techno Portfolio Management Panel
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.7%
Threat
4.0
CVE-2017-15708 CRITICAL PATCH Act Now

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.9%.

RCE Java Apache Synapse Financial Services Market Risk Measurement And Management +1
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2017-11319 HIGH POC This Week

Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Perspective
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-17512 HIGH POC This Week

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Sensible Utils
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-17509 HIGH POC This Week

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2014-8358 HIGH POC This Week

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Huawei Information Disclosure Ec156 Firmware Ec176 Firmware Ec177 Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-15940 CRITICAL Act Now

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-17504 MEDIUM POC This Month

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-17505 MEDIUM POC This Month

In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17508 MEDIUM POC This Month

In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17506 MEDIUM POC This Month

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-17507 MEDIUM POC This Month

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-17499 CRITICAL PATCH Act Now

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Imagemagick Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2017-11507 MEDIUM POC This Month

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Check Mk
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-17501 HIGH PATCH This Week

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2017-17500 HIGH PATCH This Week

ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2017-15896 CRITICAL Act Now

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass OpenSSL Node Js
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2017-11463 HIGH This Week

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-17503 HIGH PATCH This Week

ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-17502 HIGH PATCH This Week

ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-17536 HIGH PATCH This Week

Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Phabricator
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-17498 HIGH PATCH This Week

WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Graphicsmagick
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-17523 HIGH PATCH This Week

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Lilypond
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1606 HIGH This Week

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-17551 HIGH This Week

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Dolphin
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-6904 HIGH This Week

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Vasa Provider
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-13070 HIGH This Week

A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qnap RCE Microsoft Qsync
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-2886 HIGH This Week

A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Ultimate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-15942 HIGH This Week

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-1000407 HIGH PATCH This Week

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Virtualization Host Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2017-1760 HIGH This Week

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2017-15870 MEDIUM This Month

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking.". Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Globalprotect
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2015-8470 MEDIUM This Month

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1550 MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2014-3250 MEDIUM PATCH This Month

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Puppet Linux
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-16723 MEDIUM This Month

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Fl Comserver Basic 232 Firmware Fl Comserver Uni 422 Firmware Fl Comserver Bas 485 T Firmware +10
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-6502 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Puppet Enterprise
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8867 MEDIUM This Month

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Stemosaur Firmware
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-8865 MEDIUM This Month

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Stemosaur Firmware
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-8866 MEDIUM This Month

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Stemosaur Firmware
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-1549 MEDIUM This Month

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1683 MEDIUM This Month

IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections Engagement Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1632 MEDIUM This Month

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1536 MEDIUM This Month

IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15943 MEDIUM This Month

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Paloalto Pan Os
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-1548 MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Sterling File Gateway
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2017-1613 MEDIUM This Month

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Information Disclosure Connections
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-16789 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Njams Businessworks Process Monitor
NVD
CVSS 3.0
4.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy