Skip to main content
CVE-2017-7293 HIGH POC This Week

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Privilege Escalation Lenovo Dolby Audio X2 Dolby Audio X3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.1%
CVE-2017-7720 HIGH POC This Week

Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Privatetunnel
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8283 CRITICAL PATCH Act Now

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Dpkg
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-3162 HIGH PATCH This Week

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Hadoop
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2017-6054 HIGH This Week

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2017-3161 MEDIUM PATCH This Month

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Hadoop
NVD
CVSS 3.0
6.1
EPSS
5.8%
CVE-2017-8284 HIGH PATCH This Week

The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain. Rated high severity (CVSS 7.0). This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-8962 MEDIUM This Month

IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Bigfix Inventory
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-8924 MEDIUM This Month

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.6
EPSS
0.2%
CVE-2017-1170 MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-6052 LOW Monitor

A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Rated low severity (CVSS 3.7), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy