Skip to main content
CVE-2017-3066 CRITICAL POC KEV PATCH THREAT Act Now

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization flaws in the bundled Apache BlazeDS library. This critical vulnerability affects ColdFusion 10 (all updates through 22), ColdFusion 11 (through Update 11), and ColdFusion 2016 (through Update 3). CISA confirms active exploitation in the wild with publicly available exploit code (Exploit-DB 43993), and EPSS scoring at 93.36% (100th percentile) indicates extremely high real-world exploitation likelihood. The network-accessible attack vector requiring no authentication or user interaction makes this a top-priority remediation target for any organization running affected ColdFusion versions.

Java Deserialization Apache RCE Adobe
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.4%
Threat
9.8
CVE-2017-8291 HIGH POC KEV PATCH THREAT Act Now

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Memory Corruption
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
92.9%
Threat
7.3
CVE-2017-5135 CRITICAL POC THREAT Emergency

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Cisco Authentication Bypass Dpc3928Sl Firmware
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
22.4%
Threat
4.0
CVE-2017-8307 CRITICAL POC Act Now

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Antivirus
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-7415 HIGH POC This Week

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Confluence Server
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-8308 HIGH POC This Week

In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-8297 CRITICAL Act Now

A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Simple File Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-8287 CRITICAL PATCH Act Now

FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Freetype
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-8305 CRITICAL Act Now

The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Udfclient
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-8289 CRITICAL PATCH Act Now

Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-8302 MEDIUM POC PATCH This Month

Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Muracms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6037 HIGH This Week

A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Levi Studio Hmi Editor
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-6035 HIGH This Week

A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Stack Overflow Levi Studio Hmi Editor
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-8288 HIGH PATCH This Week

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnome Shell
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-5186 HIGH This Week

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edirectory Imanager
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-8296 HIGH PATCH This Week

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Ked Password Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-8294 HIGH PATCH This Week

libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-3008 MEDIUM PATCH This Month

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2017-8298 MEDIUM PATCH This Month

cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Canvas
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8301 MEDIUM PATCH This Month

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Nginx Information Disclosure Libressl
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy