Skip to main content
CVE-2017-8540 HIGH POC KEV PATCH THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
84.6%
Threat
7.1
CVE-2017-8541 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.2%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
64.2%
Threat
5.0
CVE-2017-8538 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
62.6%
Threat
4.9
CVE-2017-9033 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro CSRF Serverprotect
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-9036 HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Serverprotect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-9035 HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Trend Micro Information Disclosure Serverprotect
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2017-7505 HIGH PATCH This Week

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7439 HIGH PATCH This Week

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oncommand Unified Manager Core Package
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7236 HIGH PATCH This Week

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Oncommand Unified Manager Core Package
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy