Skip to main content
CVE-2017-8540 HIGH POC KEV PATCH THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
84.6%
Threat
7.1
CVE-2017-6862 CRITICAL KEV THREAT Emergency

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 37.5%.

Buffer Overflow Authentication Bypass RCE Netgear
NVD
CVSS 3.1
9.8
EPSS
37.5%
Threat
4.6
CVE-2017-8541 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.2%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
64.2%
Threat
5.0
CVE-2017-8538 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
62.6%
Threat
4.9
CVE-2016-6256 CRITICAL POC THREAT Emergency

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Google XXE SAP Business One
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
10.1%
CVE-2017-9034 CRITICAL POC PATCH Act Now

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Trend Micro Serverprotect
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2017-9033 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro CSRF Serverprotect
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-9036 HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Serverprotect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-5868 MEDIUM POC This Month

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Openvpn Access Server
NVD
CVSS 3.0
6.1
EPSS
8.5%
CVE-2017-9035 HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Trend Micro Information Disclosure Serverprotect
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2017-9239 MEDIUM POC This Month

An issue was discovered in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Exiv2 Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-8537 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8536 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8535 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-9037 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2017-9032 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2016-10375 CRITICAL PATCH Act Now

Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Yodl
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-8542 MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Forefront Security Malware Protection Engine +1
NVD
CVSS 3.0
5.5
EPSS
19.2%
CVE-2017-8539 MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Forefront Security Malware Protection Engine +1
NVD
CVSS 3.0
5.5
EPSS
19.2%
CVE-2017-7505 HIGH PATCH This Week

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7439 HIGH PATCH This Week

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oncommand Unified Manager Core Package
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7236 HIGH PATCH This Week

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Oncommand Unified Manager Core Package
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5646 MEDIUM PATCH This Month

For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Apache Knox
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2017-1325 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1291 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1292 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-0269 MEDIUM PATCH This Month

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Contao Cms
NVD
CVSS 3.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy