Latest CVE Feed
-
7.5
HIGHCVE-2017-6367
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.... Read more
- EPSS Score: %52.82
- Published: Mar. 14, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6344
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.... Read more
Affected Products : pdf_plugin- EPSS Score: %0.33
- Published: Feb. 27, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-6264
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it cou... Read more
- EPSS Score: %0.40
- Published: Nov. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6205
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.... Read more
- EPSS Score: %2.35
- Published: Feb. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.... Read more
- EPSS Score: %0.80
- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-17128
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.... Read more
Affected Products : libav- EPSS Score: %0.35
- Published: Dec. 04, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-5906
The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate... Read more
Affected Products : diabetes_in_check\- EPSS Score: %0.12
- Published: May. 05, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-17049
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.... Read more
Affected Products : vir.it_explorer- EPSS Score: %0.05
- Published: Nov. 29, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-16996
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.... Read more
- EPSS Score: %0.12
- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-16949
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/fi... Read more
Affected Products : anonymous_post_pro- EPSS Score: %38.79
- Published: Dec. 19, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-16941
October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive... Read more
Affected Products : october- EPSS Score: %0.51
- Published: Nov. 25, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-5709
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.... Read more
Affected Products : server_platform_services_firmware- EPSS Score: %0.10
- Published: Nov. 21, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-16836
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.... Read more
- EPSS Score: %0.47
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-5603
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more
Affected Products : jitsi- EPSS Score: %0.25
- Published: Feb. 09, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-16673
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 2... Read more
Affected Products : backup_agent- EPSS Score: %0.08
- Published: Nov. 09, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-16665
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.... Read more
Affected Products : remoting_sdk_9- EPSS Score: %0.22
- Published: Nov. 08, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-16566
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to tak... Read more
- EPSS Score: %1.33
- Published: Nov. 17, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-5345
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.... Read more
Affected Products : genixcms- EPSS Score: %0.43
- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-3817
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CS... Read more
Affected Products : unified_computing_system_director- EPSS Score: %0.14
- Published: Apr. 07, 2017
- Modified: Apr. 20, 2025
-
3.8
LOWCVE-2017-4896
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.... Read more
- EPSS Score: %0.05
- Published: May. 10, 2017
- Modified: Apr. 20, 2025