Skip to main content
CVE-2017-9417 CRITICAL POC THREAT Emergency

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.4%.

Broadcom RCE Bcm43Xx Wi Fi Chipset Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.4%
Threat
4.4
CVE-2017-9416 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

Path Traversal Odoo
NVD GitHub
CVSS 3.0
6.5
EPSS
16.3%
CVE-2017-9427 HIGH POC This Week

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bigtree Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9428 HIGH POC This Week

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft PHP Bigtree Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2012-6705 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jamroom
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-9983 MEDIUM POC This Month

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Rar
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8229 HIGH This Week

A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lenovo Lenovo Service Bridge
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-8228 HIGH This Week

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Lenovo Service Bridge
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8230 HIGH This Week

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Lenovo Service Bridge
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8231 HIGH This Week

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Lenovo Service Bridge
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-3740 MEDIUM This Month

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Active Protection System
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-3741 LOW Monitor

In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Power Management
NVD
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy