Skip to main content
CVE-2017-0223 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.0%.

Buffer Overflow RCE Microsoft Edge
NVD GitHub
CVSS 3.0
9.8
EPSS
36.0%
CVE-2017-0252 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.3%.

Buffer Overflow RCE Microsoft Edge
NVD GitHub
CVSS 3.0
9.8
EPSS
24.3%
CVE-2017-7478 HIGH POC This Week

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openvpn
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
4.6%
CVE-2017-7213 CRITICAL PATCH Act Now

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.4%.

Information Disclosure Zoho Manageengine Desktop Central
NVD
CVSS 3.0
10.0
EPSS
10.4%
CVE-2017-8926 HIGH POC This Week

Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Logview Pro
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-8927 HIGH POC This Week

Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Vizex Reader
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2017-6890 CRITICAL PATCH Act Now

A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libraw Demosaic Pack Gpl2
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-6889 CRITICAL PATCH Act Now

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libraw Demosaic Pack Gpl2
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-8741 HIGH PATCH This Week

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Apache Information Disclosure Qpid Broker J
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-7479 MEDIUM This Month

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openvpn
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-9750 MEDIUM This Month

IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-5655 MEDIUM This Month

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ambari
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7489 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Moodle
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2017-8941 MEDIUM This Month

The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Interval International
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-8943 MEDIUM This Month

The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Pumatrac
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-8942 MEDIUM This Month

The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Shopwell Healthy Diet Grocery Food Scanner
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-8940 MEDIUM This Month

The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Healthy Recipes And Grocery Deals
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-8939 MEDIUM This Month

The Warner Bros. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ellentube
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-8938 MEDIUM This Month

The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Radio Javan
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-8937 MEDIUM This Month

The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Yo
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-8936 MEDIUM This Month

The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Dolphin Web Browser
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-8935 MEDIUM This Month

The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Indiana Voters
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-8934 MEDIUM This Month

PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Pcmanfm
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7495 MEDIUM PATCH This Month

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7490 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Moodle
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9735 MEDIUM This Month

IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-7491 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-8933 LOW Monitor

Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libmenu Cache
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-5979 LOW PATCH Monitor

IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Distributed Marketing
NVD
CVSS 3.0
2.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy