Skip to main content
CVE-2017-3195 CRITICAL POC PATCH THREAT Act Now

Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.2%.

Buffer Overflow RCE Stack Overflow Edge
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
46.2%
Threat
4.8
CVE-2017-3191 CRITICAL Emergency

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware Dir 330 Firmware
NVD
CVSS 3.0
9.8
EPSS
33.8%
CVE-2017-3192 CRITICAL Act Now

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Authentication Bypass D-Link Dir 130 Firmware Dir 330 Firmware
NVD
CVSS 3.0
9.8
EPSS
27.7%
CVE-2017-17713 CRITICAL POC PATCH Act Now

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trape
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14090 CRITICAL POC PATCH Act Now

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2017-3184 CRITICAL Act Now

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Denial Of Service Authentication Bypass Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
14.0%
CVE-2017-3186 CRITICAL Act Now

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2017-3185 CRITICAL Act Now

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-10904 CRITICAL Act Now

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Command Injection Qt
NVD
CVSS 3.0
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy