Skip to main content
CVE-2017-3195 CRITICAL POC PATCH THREAT Act Now

Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.2%.

Buffer Overflow RCE Stack Overflow Edge
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
46.2%
Threat
4.8
CVE-2017-3191 CRITICAL Emergency

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware Dir 330 Firmware
NVD
CVSS 3.0
9.8
EPSS
33.8%
CVE-2017-3192 CRITICAL Act Now

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware Dir 330 Firmware
NVD
CVSS 3.0
9.8
EPSS
27.7%
CVE-2017-17713 CRITICAL POC PATCH Act Now

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trape
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14090 CRITICAL POC PATCH Act Now

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2017-14092 HIGH POC PATCH This Week

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Microsoft CSRF Scanmail
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-3184 CRITICAL Act Now

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Denial Of Service Authentication Bypass Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
14.0%
CVE-2017-3196 HIGH POC This Week

PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Rawether
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-3186 CRITICAL Act Now

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2017-14091 HIGH POC PATCH This Week

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-17714 MEDIUM POC PATCH This Month

Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trape
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14093 MEDIUM POC PATCH This Month

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Trend Micro Scanmail
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-3185 CRITICAL Act Now

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-10904 CRITICAL Act Now

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Command Injection Qt
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-3193 HIGH PATCH This Week

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow D-Link Stack Overflow Dir 850L Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2017-17715 HIGH This Week

The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Google Java Telegram Messenger
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-3194 HIGH This Week

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Pandora
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-11397 HIGH PATCH This Week

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Trend Micro Encryption For Email
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-3190 HIGH This Week

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Google Apple Information Disclosure Flash Seats
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-17712 HIGH PATCH This Week

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-14134 MEDIUM This Month

A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Maple T A
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-10905 MEDIUM This Month

A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qt
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy