Skip to main content
CVE-2017-0003 HIGH POC THREAT Act Now

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.6%.

RCE Buffer Overflow Microsoft Sharepoint Enterprise Server Word
NVD GitHub
CVSS 3.0
7.8
EPSS
33.6%
Threat
4.1
CVE-2017-0004 HIGH Act Now

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.5% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 3.0
7.5
EPSS
53.5%
CVE-2017-0002 HIGH POC THREAT Act Now

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.7%.

Authentication Bypass Microsoft Edge
NVD GitHub
CVSS 3.0
8.8
EPSS
14.7%
CVE-2015-4592 HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Population Health
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-4593 HIGH POC This Week

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Population Health
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6287 HIGH This Week

The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Http Client
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6286 HIGH This Week

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Http Client
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6831 HIGH PATCH This Week

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Chicken
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6580 HIGH PATCH This Week

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Python Priority Library
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6581 HIGH PATCH This Week

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Hpack Hyper
NVD
CVSS 3.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy