Skip to main content
CVE-2017-9287 MEDIUM POC PATCH THREAT This Month

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Denial Of Service Openldap Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +6
NVD
CVSS 3.1
6.5
EPSS
26.5%
CVE-2017-9301 HIGH POC CISA Act Now

plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Vlc Media Player
NVD
CVSS 3.0
7.8
EPSS
0.4%
Threat
5.1
CVE-2017-9300 HIGH POC CISA Act Now

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Vlc Media Player
NVD
CVSS 3.0
7.8
EPSS
0.3%
Threat
5.1
CVE-2016-10379 HIGH POC This Week

The VirtueMart com_virtuemart component 3.0.14 for Joomla!. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Virtuemart
NVD
CVSS 3.0
7.2
EPSS
0.6%
CVE-2016-10378 HIGH POC This Week

e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E107
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-9294 CRITICAL Act Now

RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-9288 MEDIUM POC This Month

The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Raygun4Wp
NVD GitHub
CVSS 3.0
6.1
EPSS
2.8%
CVE-2017-9299 MEDIUM POC This Month

Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Otrs
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-9289 MEDIUM POC This Month

Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Note
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9265 CRITICAL PATCH Act Now

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Openvswitch
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-9148 CRITICAL Act Now

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-9264 CRITICAL PATCH Act Now

In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Openvswitch
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-7915 CRITICAL Act Now

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oncell G3110 Hspa Firmware Oncell G3110 Hsdpa Firmware Oncell G3150 Hsdpa Firmware Oncell 5104 Hsdpa Firmware +2
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-7913 CRITICAL Act Now

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncell G3110 Hspa Firmware Oncell G3110 Hsdpa Firmware Oncell G3150 Hsdpa Firmware Oncell 5104 Hsdpa Firmware +2
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-10377 HIGH PATCH This Week

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Openvswitch
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-7917 HIGH This Week

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oncell G3110 Hspa Firmware Oncell G3110 Hsdpa Firmware Oncell G3150 Hsdpa Firmware Oncell 5104 Hsdpa Firmware +2
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-9262 MEDIUM PATCH This Month

In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9261 MEDIUM PATCH This Month

In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9295 MEDIUM This Month

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Device Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9263 MEDIUM PATCH This Month

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message`. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Openvswitch
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-9292 MEDIUM This Month

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9303 MEDIUM PATCH This Month

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Laravel
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9297 MEDIUM This Month

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Device Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9296 MEDIUM This Month

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Device Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9302 MEDIUM This Month

RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Realplayer
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9298 MEDIUM This Month

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Device Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy