Skip to main content
CVE-2017-6953 HIGH POC This Week

Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Smartdiag Diagnosis Tool
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8833 MEDIUM POC This Month

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-4982 CRITICAL Act Now

EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mainframe Enablers Resourcepak Base
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-8827 CRITICAL PATCH Act Now

forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Authentication Bypass PHP Genixcms
NVD GitHub
CVSS 3.0
9.1
EPSS
0.5%
CVE-2016-8202 HIGH This Week

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2017-8844 HIGH PATCH This Week

The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-8829 HIGH This Week

Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Lintian
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-10369 HIGH PATCH This Week

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Lxterminal
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8825 HIGH PATCH This Week

A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libetpan
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-8209 HIGH This Week

Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Netiron Mlx Series Firmware Netiron Cer Series Firmware Netiron Ces Series Firmware Netiron Xmr Series Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6051 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Visualview Hmi
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2017-8830 MEDIUM PATCH This Month

In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-8848 MEDIUM PATCH This Month

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Allen Disk
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-8831 MEDIUM PATCH This Month

The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2017-8832 MEDIUM PATCH This Month

Allen Disk 1.6 has XSS in the id parameter to downfile.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Allen Disk
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-8846 MEDIUM PATCH This Month

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2017-8847 MEDIUM PATCH This Month

The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-8845 MEDIUM PATCH This Month

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-8843 MEDIUM PATCH This Month

The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-8842 MEDIUM PATCH This Month

The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-0893 MEDIUM This Month

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apple Nextcloud Nextcloud Server
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-0890 MEDIUM PATCH This Month

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2017-0891 MEDIUM This Month

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-0894 MEDIUM PATCH This Month

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2017-0892 LOW PATCH Monitor

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2017-0895 LOW Monitor

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy