Skip to main content
CVE-2017-6622 CRITICAL POC THREAT Emergency

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

Cisco Command Injection Privilege Escalation Prime Collaboration Provisioning
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.0%
Threat
4.4
CVE-2017-9069 HIGH POC PATCH This Week

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Modx Revolution
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-8338 HIGH POC This Week

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2017-9047 HIGH POC This Week

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libxml2
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-9048 HIGH POC This Week

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libxml2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2017-9049 HIGH POC This Week

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libxml2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-9050 HIGH POC PATCH This Week

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-9067 HIGH POC PATCH This Week

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to. Rated high severity (CVSS 7.0). Public exploit code available.

Path Traversal PHP Modx Revolution
NVD GitHub
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-9068 MEDIUM POC PATCH This Month

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Modx Revolution
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9052 CRITICAL Act Now

An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libdwarf
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2017-7503 CRITICAL Act Now

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Red Hat Jboss Enterprise Application Platform
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-9045 MEDIUM POC This Month

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Google I O 2017
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9055 CRITICAL Act Now

An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libdwarf
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-9054 CRITICAL Act Now

An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libdwarf
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-9058 CRITICAL PATCH Act Now

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9051 CRITICAL PATCH Act Now

libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libav
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-6195 CRITICAL PATCH Act Now

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moveit Dmz Moveit Transfer 2017
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2017-9070 MEDIUM POC PATCH This Month

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Modx Revolution
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9053 CRITICAL Act Now

An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libdwarf
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2017-9064 HIGH PATCH This Week

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-9062 HIGH PATCH This Week

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Debian Linux
NVD GitHub
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-9066 HIGH PATCH This Week

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Debian Linux
NVD GitHub
CVSS 3.0
8.6
EPSS
1.4%
CVE-2017-9071 MEDIUM POC PATCH This Month

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Modx Revolution
NVD GitHub
CVSS 3.0
4.7
EPSS
0.3%
CVE-2017-8769 MEDIUM POC This Month

Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Whatsapp
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2017-6621 HIGH This Week

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
7.5
EPSS
3.8%
CVE-2017-9065 HIGH PATCH This Week

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
3.5%
CVE-2017-6652 HIGH This Week

A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Telepresence Ix5000
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-9043 HIGH PATCH This Week

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-3980 HIGH This Week

A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Epolicy Orchestrator
NVD
CVSS 3.0
7.2
EPSS
3.4%
CVE-2017-9042 HIGH PATCH This Week

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6623 HIGH This Week

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Policy Suite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9061 MEDIUM PATCH This Month

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
3.3%
CVE-2017-7433 MEDIUM This Month

An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Vibe
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9063 MEDIUM PATCH This Month

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-9072 MEDIUM This Month

Two CalendarXP products have XSS in common parts of HTML files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Flatcalendarxp Popcalendarxp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9041 MEDIUM PATCH This Month

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-9040 MEDIUM PATCH This Month

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-9039 MEDIUM PATCH This Month

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-9038 MEDIUM PATCH This Month

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-9044 MEDIUM PATCH This Month

The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9059 MEDIUM PATCH This Month

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy