Skip to main content
CVE-2017-7398 HIGH POC This Week

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-7228 HIGH POC PATCH This Week

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen
NVD GitHub Exploit-DB
CVSS 3.0
8.2
EPSS
1.5%
CVE-2017-7413 HIGH Act Now

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

Command Injection Groupware
NVD
CVSS 3.0
8.8
EPSS
13.3%
CVE-2017-7306 MEDIUM POC This Month

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Brute Force Hashicorp Information Disclosure Rios
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2016-10229 CRITICAL PATCH Act Now

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Linux Linux Kernel Android
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2017-3204 HIGH PATCH This Week

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Crypto
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2016-3740 HIGH This Week

Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Foxit Reader
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2014-9922 HIGH PATCH This Week

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Privilege Escalation Linux Kernel Android
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5870 HIGH PATCH This Week

The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-7412 HIGH PATCH This Week

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Nixos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-5683 HIGH PATCH This Week

Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Hardware Accelerated Execution Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7414 HIGH This Week

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Groupware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2015-1612 HIGH PATCH This Week

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openflow
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-1611 HIGH PATCH This Week

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Openflow
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-5649 HIGH PATCH This Week

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Geode
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-7307 MEDIUM This Month

Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rios
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-10318 MEDIUM PATCH This Month

A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Privilege Escalation Linux Kernel
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-7233 MEDIUM PATCH This Month

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

XSS Open Redirect Python Django
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-7234 MEDIUM PATCH This Month

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Django
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7418 MEDIUM PATCH This Month

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Proftpd
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0360 MEDIUM PATCH This Month

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Tryton
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-5670 MEDIUM This Month

Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Rios
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-7305 MEDIUM This Month

Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Brute Force Hashicorp Information Disclosure Rios
NVD
CVSS 3.1
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy