Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4666 matches found

Cvelist
Cvelistadded 2017/11/07 4:0 p.m.22 views

CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...

9.8CVSS9.7AI score0.02937EPSS
Exploits2References1
Cvelist
Cvelistadded 2017/11/07 4:0 p.m.23 views

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

8.2CVSS7.8AI score0.00376EPSS
Exploits1References1
Cvelist
Cvelistadded 2017/11/07 4:0 p.m.25 views

CVE-2017-12083

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...

5.8CVSS5.4AI score0.00289EPSS
Exploits2References1
Cvelist
Cvelistadded 2017/11/07 4:0 p.m.25 views

CVE-2017-12085

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability...

9CVSS9.4AI score0.01455EPSS
Exploits2References1
Cvelist
Cvelistadded 2017/11/07 4:0 p.m.22 views

CVE-2017-12096

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of...

6.5CVSS6.3AI score0.00099EPSS
Exploits2References1
Debian CVE
Debian CVEadded 2017/11/07 4:0 p.m.15 views

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet ove...

7.5CVSS7.4AI score0.05265EPSS
Exploits2
Debian CVE
Debian CVEadded 2017/11/07 4:0 p.m.23 views

CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...

9.8CVSS9.7AI score0.02937EPSS
Exploits2
Talos
Talosadded 2017/10/31 12:0 a.m.41 views

Circle with Disney Goclient SSL TLD MITM Vulnerability

Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...

7.4CVSS6.1AI score0.00136EPSS
Exploits2
Talos
Talosadded 2017/10/31 12:0 a.m.30 views

Circle with Disney Database Updater Code Execution Vulnerability

Summary An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability...

9.3CVSS8.5AI score0.00993EPSS
Exploits2
Talos
Talosadded 2017/10/31 12:0 a.m.104 views

Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability

Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point...

9CVSS8.3AI score0.00114EPSS
Exploits2
Talos
Talosadded 2017/10/31 12:0 a.m.101 views

Circle with Disney Token Routing Vulnerability

Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...

9.8CVSS8.8AI score0.01455EPSS
Exploits2
seebug.org
seebug.orgadded 2017/10/20 12:0 a.m.62 views

Ruby Fiddle::Function.new Heap Overflow Vulnerability(CVE-2016-2339)

DESCRIPTION An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args...

7.5CVSS9.4AI score0.00831EPSS
Exploits2
OSV
OSVadded 2017/10/19 5:29 p.m.29 views

CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.5CVSS6.2AI score
Exploits0References11
NVD
NVDadded 2017/10/19 5:29 p.m.16 views

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.5CVSS6.2AI score0.00282EPSS
Exploits0References14
NVD
NVDadded 2017/10/19 5:29 p.m.14 views

CVE-2017-10354

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: Enterprise Portal. The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

8.2CVSS7.5AI score0.01648EPSS
Exploits0References3
OSV
OSVadded 2017/10/19 5:29 p.m.16 views

CVE-2017-10320

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS5.9AI score
Exploits0References5
NVD
NVDadded 2017/10/19 5:29 p.m.8 views

CVE-2017-10326

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite subcomponent: Applications Calendar. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...

8.2CVSS8.1AI score0.01648EPSS
Exploits0References3
NVD
NVDadded 2017/10/19 5:29 p.m.25 views

CVE-2017-10311

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS4.6AI score0.00355EPSS
Exploits0References5
NVD
NVDadded 2017/10/19 5:29 p.m.22 views

CVE-2017-10315

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: UIF Open UI. Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful...

6.1CVSS5.3AI score0.00676EPSS
Exploits0References2
NVD
NVDadded 2017/10/19 5:29 p.m.17 views

CVE-2017-10227

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

4.9CVSS4.7AI score0.00284EPSS
Exploits0References6
Rows per page
Query Builder