Skip to main content
CVE-2017-2810 HIGH POC PATCH This Week

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Information Disclosure Tablib
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-7914 HIGH Act Now

A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Rockwell Information Disclosure Panelview Plus 6 700 1500 Firmware
NVD
CVSS 3.0
8.6
EPSS
12.6%
CVE-2017-9624 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epesi
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9623 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Epesi
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7676 CRITICAL PATCH Act Now

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Ranger
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-8907 HIGH This Week

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Authentication Bypass Bamboo
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-0663 HIGH This Week

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2017-0637 HIGH PATCH This Week

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-0638 HIGH This Week

A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0648 HIGH This Week

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-7910 HIGH This Week

A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Wind Analysis
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-4981 HIGH This Week

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Cert C
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2017-0649 HIGH This Week

An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0636 HIGH This Week

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-9463 MEDIUM PATCH This Month

The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-5697 MEDIUM This Month

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intel Active Management Technology Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-9621 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Epesi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2017-9622 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Epesi
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9464 MEDIUM PATCH This Month

An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect PHP Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-0641 MEDIUM PATCH This Month

A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
2.7%
CVE-2016-8746 MEDIUM PATCH This Month

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Ranger
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-7677 MEDIUM PATCH This Month

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Ranger
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-9617 MEDIUM PATCH This Month

In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Wireshark
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9616 MEDIUM This Month

In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0644 MEDIUM PATCH This Month

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0643 MEDIUM PATCH This Month

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0640 MEDIUM PATCH This Month

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0642 MEDIUM PATCH This Month

A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0647 MEDIUM This Month

An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0646 MEDIUM This Month

An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0639 MEDIUM This Month

An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0645 MEDIUM This Month

An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9502 MEDIUM This Month

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Curl
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-4986 MEDIUM This Month

EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Secure Remote Services
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-8751 MEDIUM PATCH This Month

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Ranger
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-0650 MEDIUM This Month

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0651 MEDIUM This Month

An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy