Latest CVE Feed
-
7.5 HIGH
CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors....
Affected Products : photo_station
- EPSS Score: 35.18%
- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
7.8 HIGH
CVE-2017-11073
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space....
Affected Products : android
- EPSS Score: 0.02%
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
4.7 MEDIUM
CVE-2016-5858
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs....
Affected Products : android
- EPSS Score: 0.14%
- Published: Aug. 16, 2017
- Modified: Apr. 20, 2025
-
6.1 MEDIUM
CVE-2017-10801
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI....
Affected Products : phpsocial
- EPSS Score: 0.30%
- Published: Jul. 19, 2017
- Modified: Apr. 20, 2025
-
7.8 HIGH
CVE-2017-10783
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpF...
- EPSS Score: 0.05%
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
4.8 MEDIUM
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) set...
Affected Products : mantisbt
- EPSS Score: 0.80%
- Published: Mar. 31, 2017
- Modified: Apr. 20, 2025
-
8.8 HIGH
CVE-2017-5156
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems o...
Affected Products : wonderware_intouch_access_anywhere
- EPSS Score: 0.13%
- Published: Apr. 20, 2017
- Modified: Apr. 20, 2025
-
5.5 MEDIUM
CVE-2014-8180
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service....
- EPSS Score: 0.04%
- Published: Jun. 06, 2017
- Modified: Apr. 20, 2025
-
6.5 MEDIUM
CVE-2014-8163
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5....
- EPSS Score: 0.68%
- Published: Aug. 28, 2017
- Modified: Apr. 20, 2025
-
7.8 HIGH
CVE-2017-9961
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able t...
Affected Products : pro-face_gp_pro_ex
- EPSS Score: 0.09%
- Published: Sep. 26, 2017
- Modified: Apr. 20, 2025
-
5.3 MEDIUM
CVE-2017-9960
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user....
Affected Products : u.motion_builder
- EPSS Score: 0.24%
- Published: Sep. 26, 2017
- Modified: Apr. 20, 2025
-
6.1 MEDIUM
CVE-2017-9931
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi....
- EPSS Score: 0.24%
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
7.8 HIGH
CVE-2017-9887
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Fu...
- EPSS Score: 0.11%
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.8 HIGH
CVE-2017-9886
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df000...
- EPSS Score: 0.11%
- Published: Jul. 05, 2017
- Modified: Apr. 20, 2025
-
7.5 HIGH
CVE-2017-9858
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now kno...
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products
- EPSS Score: 0.76%
- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8 CRITICAL
CVE-2017-9785
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie....
Affected Products : nancy
- EPSS Score: 2.47%
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025
-
9.8 CRITICAL
CVE-2017-9709
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony....
Affected Products : android
- EPSS Score: 0.16%
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
6.1 MEDIUM
CVE-2017-9622
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data....
Affected Products : epesi
- EPSS Score: 0.22%
- Published: Jun. 14, 2017
- Modified: Apr. 20, 2025
-
5.4 MEDIUM
CVE-2017-9613
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality....
Affected Products : successfactors
- EPSS Score: 0.30%
- Published: Jun. 15, 2017
- Modified: Apr. 20, 2025
-
5.9 MEDIUM
CVE-2017-9587
The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif...
Affected Products : pcsb_bank_mobile
- EPSS Score: 0.12%
- Published: Jun. 16, 2017
- Modified: Apr. 20, 2025