Skip to main content
CVE-2017-9232 CRITICAL POC PATCH THREAT Act Now

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Authentication Bypass Privilege Escalation Juju
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2015-9059 CRITICAL PATCH Act Now

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.7%.

Command Injection Picocom
NVD GitHub
CVSS 3.0
9.8
EPSS
16.7%
CVE-2017-9250 HIGH POC PATCH This Week

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2017-9243 MEDIUM POC This Month

Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qwr 1104 Wireless N Router Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9249 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Allen Disk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2017-7295 HIGH This Week

An issue was discovered in Contiki Operating System 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Contiki
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9252 MEDIUM This Month

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9251 MEDIUM This Month

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7296 MEDIUM This Month

An issue was discovered in Contiki Operating System 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Contiki
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10376 MEDIUM PATCH This Month

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gajim
NVD
CVSS 3.0
4.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy