| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14544 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at… | ||
| CVE-2017-14543 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335." | ||
| CVE-2017-14542 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262." | ||
| CVE-2017-14541 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2017 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e." | ||
| CVE-2017-14540 | Hig | 0.51 | 7.8 | 0.01 | Sep 18, 2017 | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." | ||
| CVE-2017-14539 | Hig | 0.51 | 7.8 | 0.01 | Sep 18, 2017 | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767." | ||
| CVE-2017-14538 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823." | ||
| CVE-2017-9798 | Hig | 0.59 | 7.5 | 0.95 | Sep 18, 2017 | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through… | ||
| CVE-2014-6106 | Hig | 0.57 | 8.8 | 0.01 | Sep 18, 2017 | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via… | ||
| CVE-2017-9333 | Hig | 0.57 | 8.8 | 0.02 | Sep 18, 2017 | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted… | ||
| CVE-2017-14530 | Hig | 0.52 | 8.0 | 0.01 | Sep 18, 2017 | WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | ||
| CVE-2017-14520 | Hig | 0.51 | 7.8 | 0.01 | Sep 17, 2017 | In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | ||
| CVE-2017-14519 | Hig | 0.49 | 7.5 | 0.02 | Sep 17, 2017 | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | ||
| CVE-2017-14518 | Hig | 0.51 | 7.8 | 0.01 | Sep 17, 2017 | In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | ||
| CVE-2017-14515 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2017 | Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | ||
| CVE-2017-14514 | Hig | 0.49 | 7.5 | 0.02 | Sep 17, 2017 | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | ||
| CVE-2017-14511 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2017 | An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers… | ||
| CVE-2017-14509 | Hig | 0.58 | 8.8 | 0.06 | Sep 17, 2017 | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files… | ||
| CVE-2017-14508 | Hig | 0.57 | 8.8 | 0.03 | Sep 17, 2017 | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as… | ||
| CVE-2017-14502 | Hig | 0.49 | 7.5 | 0.03 | Sep 17, 2017 | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | ||
| CVE-2017-14500 | Hig | 0.57 | 8.8 | 0.03 | Sep 17, 2017 | Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file)… | ||
| CVE-2015-1527 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2017 | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | ||
| CVE-2014-9463 | Hig | 0.61 | 8.8 | 0.15 | Sep 15, 2017 | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | ||
| CVE-2014-7808 | Hig | 0.42 | 7.5 | 0.01 | Sep 15, 2017 | Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | ||
| CVE-2017-9805 | Hig | 0.69 | 8.1 | 0.99 | KEV | Sep 15, 2017 | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | |
| CVE-2017-2299 | Hig | 0.49 | 7.5 | 0.01 | Sep 15, 2017 | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust… | ||
| CVE-2017-14497 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system… | ||
| CVE-2017-10860 | Hig | 0.51 | 7.8 | 0.02 | Sep 15, 2017 | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | ||
| CVE-2017-10859 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10858 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10855 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10846 | Hig | 0.49 | 7.5 | 0.02 | Sep 15, 2017 | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | ||
| CVE-2017-4924 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2017 | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | ||
| CVE-2017-14484 | Hig | 0.47 | 7.3 | 0.00 | Sep 15, 2017 | The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. | ||
| CVE-2017-2809 | Hig | 0.42 | 7.5 | 0.03 | Sep 14, 2017 | An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | ||
| CVE-2017-0782 | Hig | 0.57 | 8.8 | 0.02 | Sep 14, 2017 | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. | ||
| CVE-2017-0781 | Hig | 0.62 | 8.8 | 0.23 | Sep 14, 2017 | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | ||
| CVE-2017-14482 | Hig | 0.58 | 8.8 | 0.04 | Sep 14, 2017 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in… | ||
| CVE-2017-1002151 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2017 | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | ||
| CVE-2017-1002026 | Hig | 0.57 | 8.8 | 0.02 | Sep 14, 2017 | Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. | ||
| CVE-2017-1002025 | Hig | 0.47 | 7.2 | 0.02 | Sep 14, 2017 | Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | ||
| CVE-2017-1002007 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2017 | Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | ||
| CVE-2017-1002006 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2017 | Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | ||
| CVE-2017-1002005 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2017 | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | ||
| CVE-2017-1002004 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2017 | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | ||
| CVE-2017-13779 | Hig | 0.51 | 7.8 | 0.01 | Sep 14, 2017 | GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs… | ||
| CVE-2017-12989 | Hig | 0.49 | 7.5 | 0.02 | Sep 14, 2017 | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | ||
| CVE-2017-2816 | Hig | 0.57 | 8.8 | 0.02 | Sep 13, 2017 | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this… | ||
| CVE-2017-7561 | Hig | 0.49 | 7.5 | 0.02 | Sep 13, 2017 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | ||
| CVE-2017-14430 | Hig | 0.49 | 7.5 | 0.01 | Sep 13, 2017 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. |
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at…
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e."
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e."
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."
- risk 0.59cvss 7.5epss 0.95
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through…
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via…
- risk 0.57cvss 8.8epss 0.02
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted…
- risk 0.52cvss 8.0epss 0.01
WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.
- risk 0.51cvss 7.8epss 0.01
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
- risk 0.49cvss 7.5epss 0.02
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
- risk 0.51cvss 7.8epss 0.01
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
- risk 0.49cvss 7.5epss 0.01
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers…
- risk 0.58cvss 8.8epss 0.06
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as…
- risk 0.49cvss 7.5epss 0.03
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
- risk 0.57cvss 8.8epss 0.03
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file)…
- risk 0.51cvss 7.8epss 0.00
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
- risk 0.61cvss 8.8epss 0.15
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
- risk 0.42cvss 7.5epss 0.01
Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.
- risk 0.69cvss 8.1epss 0.99
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
- risk 0.49cvss 7.5epss 0.01
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust…
- risk 0.51cvss 7.8epss 0.01
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system…
- risk 0.51cvss 7.8epss 0.02
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.49cvss 7.5epss 0.02
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
- risk 0.47cvss 7.3epss 0.00
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
- risk 0.42cvss 7.5epss 0.03
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.02
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.
- risk 0.62cvss 8.8epss 0.23
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
- risk 0.58cvss 8.8epss 0.04
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in…
- risk 0.49cvss 7.5epss 0.01
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
- risk 0.57cvss 8.8epss 0.02
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
- risk 0.47cvss 7.2epss 0.02
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
- risk 0.49cvss 7.5epss 0.03
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
- risk 0.49cvss 7.5epss 0.03
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
- risk 0.49cvss 7.5epss 0.03
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
- risk 0.49cvss 7.5epss 0.03
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
- risk 0.51cvss 7.8epss 0.01
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs…
- risk 0.49cvss 7.5epss 0.02
The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().
- risk 0.57cvss 8.8epss 0.02
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this…
- risk 0.49cvss 7.5epss 0.02
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
- risk 0.49cvss 7.5epss 0.01
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.