Skip to main content
CVE-2017-8895 CRITICAL POC PATCH THREAT Act Now

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.1%.

Denial Of Service Memory Corruption Use After Free RCE Backup Exec
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
67.1%
Threat
5.5
CVE-2017-7886 CRITICAL POC Act Now

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dolibarr Erp Crm
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-7888 CRITICAL POC Act Now

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dolibarr Erp Crm
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8852 HIGH POC This Week

SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow SAP Sapcar
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2017-8879 MEDIUM POC This Month

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dolibarr Erp Crm
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-8875 MEDIUM POC This Month

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clean Login
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-8892 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tempo Box
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7887 MEDIUM POC This Month

Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8872 CRITICAL Act Now

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libxml2
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2016-5889 HIGH PATCH This Week

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Interact
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-5891 HIGH PATCH This Week

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Rt Ac1750 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8874 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mautic
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-4895 HIGH PATCH This Week

Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Google Authentication Bypass Airwatch Agent Airwatch Inbox
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-1137 HIGH PATCH This Week

IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2017-1103 HIGH PATCH This Week

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Team Concert Rational Quality Manager
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-7698 HIGH PATCH This Week

A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption Use After Free RCE Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-8890 HIGH PATCH This Week

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-8868 HIGH PATCH This Week

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal CSRF PHP Flatcore Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9250 HIGH This Week

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-5892 HIGH PATCH This Week

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rt Ac1750 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-8877 MEDIUM This Month

ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac1750 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8878 MEDIUM This Month

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac1750 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-3894 MEDIUM This Month

A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Service Unified Endpoint Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8876 MEDIUM PATCH This Month

Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Symphony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-10371 MEDIUM This Month

The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-8891 MEDIUM PATCH This Month

Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6035 MEDIUM PATCH This Month

IBM Rational Quality Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5888 MEDIUM PATCH This Month

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Interact
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3032 MEDIUM This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6037 MEDIUM PATCH This Month

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert Rational Quality Manager
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-4896 LOW PATCH Monitor

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Google Authentication Bypass Airwatch Agent Airwatch Inbox
NVD
CVSS 3.0
3.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy