Skip to main content
CVE-2017-7308 HIGH POC THREAT Act Now

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
87.0%
Threat
5.7
CVE-2017-7310 HIGH POC THREAT Act Now

A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

Buffer Overflow RCE Diskboss Disksorter Syncbreeze
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
86.6%
Threat
5.7
CVE-2017-5226 CRITICAL POC PATCH THREAT Act Now

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Information Disclosure Bubblewrap
NVD GitHub
CVSS 3.0
10.0
EPSS
10.4%
CVE-2017-7285 HIGH POC THREAT Act Now

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
21.2%
CVE-2017-5671 HIGH POC This Week

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Honeywell Privilege Escalation Intermec Pc23 Firmware Intermec Pc42 Firmware Intermec Pc43 Firmware +4
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-9924 CRITICAL Act Now

Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zimbra Collaboration Suite
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2014-3582 CRITICAL Act Now

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ambari
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-7298 MEDIUM POC This Month

In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moodle
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-7297 HIGH PATCH This Week

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Rancher
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2017-2689 HIGH This Week

Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-2688 HIGH This Week

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Ruggedcom Rox I
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-2379 HIGH This Week

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mxit
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-4980 HIGH This Week

EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Isilon Onefs
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2015-4556 HIGH PATCH This Week

The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Chicken
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-7294 HIGH PATCH This Week

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-7258 HIGH This Week

HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emli
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7301 HIGH PATCH This Week

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7304 HIGH PATCH This Week

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7303 HIGH PATCH This Week

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7302 HIGH PATCH This Week

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7300 HIGH PATCH This Week

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-4977 HIGH This Week

EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Rsa Archer Security Operations Management
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-2686 MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-2687 MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6846 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Documentconverter Api Office Web Open Xchange Appsuite Backend +1
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8234 MEDIUM PATCH This Month

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Glance
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7299 MEDIUM PATCH This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4976 MEDIUM PATCH This Month

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Ambari
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6864 MEDIUM This Month

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-5900 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nb16Wv 02 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6349 LOW PATCH Monitor

The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oci Register Machine
NVD GitHub
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy