Skip to main content
CVE-2017-8798 CRITICAL POC THREAT Emergency

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.5%.

Buffer Overflow Denial Of Service Miniupnpd
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
23.5%
Threat
4.2
CVE-2017-8898 CRITICAL POC Act Now

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation PHP Invision Power Board
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-8899 HIGH POC This Week

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Information Disclosure Invision Power Board
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-10370 HIGH POC This Week

An issue was discovered on OnePlus devices such as the 3T. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oxygenos
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-8897 MEDIUM POC This Month

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Invision Power Board
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5461 CRITICAL PATCH Act Now

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla Denial Of Service Network Security Services
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-5948 MEDIUM POC This Month

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Oxygenos
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-8851 MEDIUM POC This Month

An issue was discovered on OnePlus One and X devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Oxygenos
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-8850 MEDIUM POC This Month

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Oxygenos
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-7472 MEDIUM POC PATCH This Month

The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-8906 MEDIUM POC This Month

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X265 High Efficiency Video Coding
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-8903 HIGH PATCH This Week

Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Xen
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-9092 HIGH This Week

The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Content Analysis Mail Threat Defense
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8905 HIGH PATCH This Week

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-8904 HIGH PATCH This Week

Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9100 HIGH This Week

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Advanced Secure Gateway Symantec Proxysg
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-7476 HIGH This Week

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Websafe Big Ip Protocol Security Module Big Ip Policy Enforcement Manager Big Ip Link Controller +6
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2015-5436 HIGH This Week

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Integrated Lights Out Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-2680 HIGH This Week

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp 343 1 Std Firmware Simatic Cp 343 1 Lean Firmware Simatic Cp 343 1 Adv Firmware Simatic Cp 443 1 Std Firmware +89
NVD
CVSS 4.0
7.1
EPSS
2.3%
CVE-2016-9097 HIGH This Week

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Advanced Secure Gateway Symantec Proxysg
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2016-2126 MEDIUM This Month

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2017-2681 HIGH This Week

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp 343 1 Std Firmware Simatic Cp 343 1 Lean Firmware Simatic Cp 343 1 Adv Firmware Simatic Cp 443 1 Std Firmware +75
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2017-6865 MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pcs 7 Primary Setup Tool Security Configuration Tool Simatic Automation Tool +12
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-9099 MEDIUM This Month

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Advanced Secure Gateway Symantec Proxysg
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6867 MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens Simatic Wincc Simatic Wincc Tia Portal +1
NVD
CVSS 3.0
4.9
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy