Skip to main content
CVE-2017-8779 HIGH POC PATCH THREAT Act Now

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.4%.

Denial Of Service Rpcbind Libtirpc Ntirpc
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
81.4%
Threat
5.4
CVE-2017-8295 MEDIUM POC THREAT This Month

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 77.1%.

WordPress PHP Information Disclosure
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
77.1%
Threat
5.0
CVE-2017-3730 HIGH POC PATCH THREAT Act Now

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Null Pointer Dereference Denial Of Service Microsoft OpenSSL Agile Engineering Data Management +5
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
53.0%
Threat
4.6
CVE-2016-7054 HIGH POC PATCH THREAT Act Now

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.8%.

Authentication Bypass OpenSSL
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
24.8%
CVE-2017-8768 CRITICAL Act Now

Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Command Injection Sourcetree
NVD
CVSS 3.0
9.8
EPSS
8.0%
CVE-2017-8773 CRITICAL Act Now

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Memory Corruption Privilege Escalation +3
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-8763 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Epesi
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8778 MEDIUM POC PATCH This Month

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Gitlab
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-3731 HIGH PATCH Act Now

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6%.

Buffer Overflow OpenSSL Information Disclosure Node Js
NVD GitHub
CVSS 3.1
7.5
EPSS
12.6%
CVE-2017-8775 CRITICAL Act Now

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Antivirus Pro Internet Security Total Security
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-8774 CRITICAL Act Now

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Antivirus Pro Internet Security Total Security
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-3733 HIGH This Week

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Operations Agent
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-7053 HIGH This Week

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service OpenSSL
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-8776 HIGH This Week

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Antivirus Pro Internet Security Total Security
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-3732 MEDIUM PATCH This Month

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

OpenSSL Information Disclosure Node Js
NVD GitHub
CVSS 3.1
5.9
EPSS
5.2%
CVE-2017-4983 MEDIUM This Month

EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emc Data Domain Os
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2016-7055 MEDIUM PATCH This Month

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Node Js
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2017-8765 MEDIUM PATCH This Month

The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-8780 MEDIUM PATCH This Month

GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Genixcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy