Skip to main content
CVE-2017-7398 HIGH POC This Week

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-7228 HIGH POC PATCH This Week

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen
NVD GitHub Exploit-DB
CVSS 3.0
8.2
EPSS
1.5%
CVE-2017-7413 HIGH Act Now

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

Command Injection Groupware
NVD
CVSS 3.0
8.8
EPSS
13.3%
CVE-2017-3204 HIGH PATCH This Week

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Crypto
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2016-3740 HIGH This Week

Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Foxit Reader
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2014-9922 HIGH PATCH This Week

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Privilege Escalation Linux Kernel Android
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5870 HIGH PATCH This Week

The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-7412 HIGH PATCH This Week

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Nixos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-5683 HIGH PATCH This Week

Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Hardware Accelerated Execution Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7414 HIGH This Week

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Groupware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2015-1612 HIGH PATCH This Week

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openflow
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-1611 HIGH PATCH This Week

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Openflow
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-5649 HIGH PATCH This Week

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Geode
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy