Latest CVE Feed
-
7.8
HIGHCVE-2017-9534
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426."... Read more
- EPSS Score: %0.21
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
4.6
MEDIUMCVE-2017-9495
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then laun... Read more
- EPSS Score: %0.06
- Published: Jul. 31, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-9491
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco D... Read more
Affected Products : arris_tg1682g_firmware dpc3939_firmware dpc3941t_firmware dpc3939b_firmware dpc3939 arris_tg1682g dpc3941t dpc3939b- EPSS Score: %0.26
- Published: Jul. 31, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9484
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi tr... Read more
- EPSS Score: %0.32
- Published: Jul. 31, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-9419
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.... Read more
- EPSS Score: %0.19
- Published: Jun. 15, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2014-6191
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.... Read more
Affected Products : curam_social_program_management- EPSS Score: %0.15
- Published: Sep. 19, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications i... Read more
Affected Products : openwebif- EPSS Score: %0.86
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-9331
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meet... Read more
Affected Products : epesi- EPSS Score: %0.16
- Published: Jun. 01, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-9296
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.... Read more
Affected Products : device_manager- EPSS Score: %0.19
- Published: May. 29, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-9288
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).... Read more
Affected Products : raygun4wp- EPSS Score: %2.86
- Published: May. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9282
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.... Read more
Affected Products : visibroker- EPSS Score: %0.40
- Published: Sep. 21, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-9273
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.... Read more
- EPSS Score: %0.24
- Published: Oct. 06, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9245
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.... Read more
Affected Products : news_and_weather- EPSS Score: %1.32
- Published: Jul. 19, 2017
- Modified: Apr. 20, 2025
-
8.0
HIGHCVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands direct... Read more
- EPSS Score: %0.14
- Published: May. 21, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-9135
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible ... Read more
- EPSS Score: %0.37
- Published: May. 21, 2017
- Modified: Apr. 20, 2025
-
4.7
MEDIUMCVE-2017-0650
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process.... Read more
- EPSS Score: %0.23
- Published: Jun. 14, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-9070
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.... Read more
- EPSS Score: %0.22
- Published: May. 18, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.... Read more
- EPSS Score: %0.13
- Published: May. 18, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-0865
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.... Read more
Affected Products : dive_assistant- EPSS Score: %1.74
- Published: Sep. 12, 2017
- Modified: Apr. 20, 2025