Skip to main content
CVE-2017-5650 HIGH PATCH Act Now

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.7%.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
12.7%
CVE-2016-7551 HIGH PATCH This Week

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.0
7.5
EPSS
6.6%
CVE-2017-5647 HIGH PATCH This Week

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2017-5659 HIGH PATCH This Week

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-5396 HIGH PATCH This Week

Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-7889 HIGH PATCH This Week

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Authentication Bypass Linux Kernel Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-3036 HIGH PATCH This Week

IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service IBM Cognos Business Intelligence
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-7892 HIGH This Week

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Capnproto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-1161 HIGH This Week

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2017-7885 HIGH This Week

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Jbig2Dec
NVD
CVSS 3.0
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy