Latest CVE Feed
-
7.5
HIGHCVE-2016-9049
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port... Read more
Affected Products : database_server- EPSS Score: %0.84
- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-0563
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device... Read more
- EPSS Score: %0.18
- Published: Apr. 07, 2017
- Modified: Apr. 20, 2025
-
7.1
HIGHCVE-2017-0548
A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versi... Read more
Affected Products : android- EPSS Score: %0.30
- Published: Apr. 07, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2015-5473
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privilege... Read more
Affected Products : syncthru_6- EPSS Score: %46.93
- Published: Jun. 01, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2015-5436
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was or... Read more
- EPSS Score: %0.55
- Published: May. 11, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2015-5401
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.... Read more
- EPSS Score: %1.26
- Published: May. 23, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-0443
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more
- EPSS Score: %0.14
- Published: Feb. 08, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-0389
A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android.... Read more
Affected Products : android- EPSS Score: %0.34
- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-0374
lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.... Read more
Affected Products : config-model- EPSS Score: %0.04
- Published: May. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-15539
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.... Read more
Affected Products : zorovavi\/blog- EPSS Score: %0.25
- Published: Oct. 17, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-1551
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click action... Read more
Affected Products : api_connect- EPSS Score: %0.16
- Published: Sep. 25, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15383
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.... Read more
Affected Products : nero- EPSS Score: %0.05
- Published: Oct. 16, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-15362
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection o... Read more
Affected Products : osticket- EPSS Score: %0.40
- Published: Oct. 16, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-16880
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.... Read more
Affected Products : whoops- EPSS Score: %0.24
- Published: Nov. 17, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-15219
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.... Read more
Affected Products : dotcms- EPSS Score: %0.19
- Published: Oct. 10, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-9885
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly ... Read more
Affected Products : gemfire_for_pivotal_cloud_foundry- EPSS Score: %0.54
- Published: Jan. 06, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-9868
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavaila... Read more
Affected Products : scaleio- EPSS Score: %0.05
- Published: Jan. 06, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2016-9834
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the targe... Read more
- EPSS Score: %0.11
- Published: Jun. 07, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-9072
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.... Read more
- EPSS Score: %0.23
- Published: May. 18, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-16957
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /... Read more
Affected Products : tl-wvr300_firmware tl-wvr302_firmware tl-wvr450_firmware tl-wvr450l_firmware tl-wvr450g_firmware tl-wvr458_firmware tl-wvr458l_firmware tl-wvr458p_firmware tl-wvr900g_firmware tl-wvr900l_firmware +98 more products- EPSS Score: %2.89
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025