Skip to main content
CVE-2016-9091 HIGH POC THREAT Act Now

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.5%.

Command Injection Advanced Secure Gateway Content Analysis System Software
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
36.5%
Threat
4.0
CVE-2017-7447 HIGH POC PATCH This Week

HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Helpdezk
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7446 HIGH POC PATCH This Week

HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Helpdezk
NVD Exploit-DB GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7358 HIGH POC This Week

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Debian Lightdm Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
1.7%
CVE-2017-6339 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.7%
CVE-2017-6975 MEDIUM POC This Month

Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Broadcom Apple Iphone Os
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-6338 MEDIUM POC PATCH This Month

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-6956 HIGH This Week

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Broadcom RCE Hardmac Wi Fi Soc Firmware
NVD
CVSS 3.0
8.8
EPSS
5.4%
CVE-2017-7450 CRITICAL Act Now

AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hdmi Dongle Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-2671 MEDIUM POC PATCH This Month

The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-7448 MEDIUM POC PATCH This Month

The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6340 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6100 HIGH This Week

IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Disposal And Governance Management For It Global Retention Policy And Schedule Management
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-7444 HIGH This Week

In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Recovery
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-4680 HIGH PATCH This Week

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Linux Enterprise Server Linux Enterprise Software Development Kit
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-0339 HIGH PATCH This Week

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Nvidia Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0327 HIGH PATCH This Week

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Nvidia Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0325 HIGH PATCH This Week

An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Google Nvidia Memory Corruption +1
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0329 HIGH PATCH This Week

An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Nvidia Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0332 HIGH PATCH This Week

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Google Nvidia Memory Corruption +1
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0886 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Denial Of Service Nextcloud Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2014-9829 MEDIUM PATCH This Month

coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-0883 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2017-7443 MEDIUM PATCH This Month

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apt Cacher Ng Apt Cacher
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3031 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3015 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-9019 MEDIUM PATCH This Month

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libxslt
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-1180 MEDIUM This Month

The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0330 MEDIUM PATCH This Month

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0328 MEDIUM PATCH This Month

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0888 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2017-0887 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2017-0885 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2017-0884 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy