Skip to main content
CVE-2017-7645 HIGH PATCH Act Now

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0%.

Denial Of Service Linux Linux Kernel Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
16.0%
CVE-2017-5656 HIGH PATCH This Week

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Apache Information Disclosure Cxf
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2016-10345 HIGH PATCH This Week

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nginx Privilege Escalation Passenger
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5661 HIGH PATCH This Week

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Apache Formatting Objects Processor
NVD
CVSS 3.0
7.3
EPSS
2.4%
CVE-2017-5662 HIGH PATCH This Week

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Apache Batik
NVD
CVSS 3.0
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy