Skip to main content
CVE-2017-9602 CRITICAL POC Act Now

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Kbvault Mysql
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.4%
CVE-2017-9097 CRITICAL PATCH Act Now

In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Antiweb
NVD GitHub
CVSS 3.0
9.1
EPSS
9.5%
CVE-2017-9728 CRITICAL Act Now

In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Uclibc
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-1000218 HIGH This Week

Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Elastic Kibana Reporting
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-7884 HIGH This Week

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apc Ups Daemon
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2017-9735 HIGH PATCH This Week

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Debian Linux Communications Cloud Native Core Policy Enterprise Manager Base Platform +3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2016-1000221 HIGH PATCH This Week

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1000219 HIGH This Week

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Kibana
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-7507 HIGH This Week

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-10363 HIGH This Week

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Logstash
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-9231 HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8452 HIGH This Week

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Kibana
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1000222 HIGH This Week

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-9729 HIGH This Week

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uclibc
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9731 HIGH PATCH This Week

In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Yp Core Pyro
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-8450 HIGH This Week

X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure X Pack
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-3254 MEDIUM PATCH This Month

The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Thrift
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2016-10362 MEDIUM PATCH This Month

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Output Plugin
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-10364 MEDIUM This Month

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Kibana
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6899 MEDIUM This Month

The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Lineageos
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-1000220 MEDIUM This Month

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-9056 MEDIUM This Month

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-10366 MEDIUM This Month

Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-8451 MEDIUM This Month

With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10365 MEDIUM This Month

Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8449 MEDIUM This Month

X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure X Pack
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-9601 MEDIUM This Month

The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Fnb Kemp Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9600 MEDIUM This Month

The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Peoples Bank Tulsa
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9599 MEDIUM This Month

The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Fountain Trust Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9598 MEDIUM This Month

The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Morton Credit Union Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9597 MEDIUM This Month

The "Blue Ridge Bank and Trust Co. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Blue Ridge Bank And Trust Co Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9596 MEDIUM This Month

The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Cfb Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9595 MEDIUM This Month

The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure First State Bank Of Bigfork Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9594 MEDIUM This Month

The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Svb Mobile
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9593 MEDIUM This Month

The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Oculina Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9592 MEDIUM This Month

The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Your Legacy Federal Credit Union Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9591 MEDIUM This Month

The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Pcb Mobile
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-9590 MEDIUM This Month

The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure State Bank Of Waterloo Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9589 MEDIUM This Month

The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Scsb Shelbyville Il Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9588 MEDIUM This Month

The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Oritani Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9587 MEDIUM This Month

The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Pcsb Bank Mobile
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9586 MEDIUM This Month

The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Fsby Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9585 MEDIUM This Month

The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Community State Bank Lamar
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-9584 MEDIUM This Month

The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Hbo Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9583 MEDIUM This Month

The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Charlevoix State Bank
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9582 MEDIUM This Month

The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Bnb Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9581 MEDIUM This Month

The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Algonquin State Bank Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9580 MEDIUM This Month

The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Pioneer Bank Trust Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9579 MEDIUM This Month

The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Jmcu Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9578 MEDIUM This Month

The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Rvcb Mobile
NVD
CVSS 3.0
5.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy