Skip to main content
CVE-2017-8852 HIGH POC This Week

SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow SAP Sapcar
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2016-5889 HIGH PATCH This Week

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Interact
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-5891 HIGH PATCH This Week

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Rt Ac1750 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8874 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mautic
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-4895 HIGH PATCH This Week

Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Google Authentication Bypass Airwatch Agent Airwatch Inbox
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-1137 HIGH PATCH This Week

IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2017-1103 HIGH PATCH This Week

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Team Concert Rational Quality Manager
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-7698 HIGH PATCH This Week

A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption Use After Free RCE Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-8890 HIGH PATCH This Week

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-8868 HIGH PATCH This Week

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal CSRF PHP Flatcore Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9250 HIGH This Week

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-5892 HIGH PATCH This Week

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rt Ac1750 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy