Skip to main content
CVE-2017-9100 HIGH POC This Week

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 600M Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.8%
CVE-2017-9024 HIGH POC This Week

Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cisco Secure Cisco Auditor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
9.1%
CVE-2017-9046 HIGH POC This Week

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Pegasus
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-9115 HIGH This Week

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2017-9113 HIGH This Week

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-9111 HIGH PATCH This Week

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-9133 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9135 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9138 HIGH This Week

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware Fh1202 Firmware F1202 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-9131 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2014-9970 HIGH PATCH This Week

jasypt before 1.9.2 allows a timing attack against the password hash comparison. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jasypt
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9134 HIGH This Week

An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-9132 HIGH This Week

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9136 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9137 HIGH This Week

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fiberair Ip 10 Firmware
NVD
CVSS 3.0
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy