Skip to main content
CVE-2017-7668 HIGH PATCH Act Now

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 62.8%.

Buffer Overflow Apache Http Server Clustered Data Ontap Oncommand Unified Manager +11
NVD
CVSS 3.1
7.5
EPSS
62.8%
CVE-2017-3087 HIGH This Week

Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Captivate
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2017-3745 HIGH PATCH This Week

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lenovo Xclarity Administrator
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3743 HIGH PATCH This Week

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Advanced Settings Utility Toolscenter Dynamic System Analysis Updatexpress System Pack Installer
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-3214 HIGH This Week

The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure One Key
NVD
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy