Skip to main content
CVE-2017-6326 CRITICAL POC THREAT Emergency

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.1%.

RCE Messaging Gateway
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
79.1%
Threat
5.9
CVE-2015-3315 HIGH POC PATCH Act Now

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Automatic Bug Reporting Tool
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
5.3%
CVE-2017-9466 CRITICAL POC Act Now

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Wr841N V8 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-9935 HIGH POC This Week

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure Libtiff Ubuntu Linux +1
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-9953 HIGH POC This Week

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2 Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9936 MEDIUM POC This Month

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
5.2%
CVE-2017-9937 MEDIUM POC This Month

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libtiff
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-9615 CRITICAL Act Now

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moneyworks
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-9948 HIGH This Week

A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Skype
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2016-8493 HIGH This Week

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Forticlient
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-6662 HIGH This Week

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Cisco Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.0
8.0
EPSS
0.9%
CVE-2017-6669 HIGH This Week

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Webex Advanced Recording Format Player
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2017-9949 HIGH This Week

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-3215 HIGH PATCH This Week

The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Virtio Win
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-7458 HIGH PATCH This Week

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ntopng
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-6678 HIGH This Week

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Virtualized Packet Core
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-7459 HIGH PATCH This Week

ntopng before 3.0 allows HTTP Response Splitting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ntopng
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6324 HIGH This Week

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-6325 MEDIUM This Month

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Messaging Gateway
NVD
CVSS 3.0
6.6
EPSS
3.4%
CVE-2017-7496 HIGH This Week

fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Arm Installer
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2014-8127 MEDIUM This Month

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff Opensuse
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9145 MEDIUM PATCH This Month

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7416 MEDIUM PATCH This Month

ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ntopng
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9929 MEDIUM PATCH This Month

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-9928 MEDIUM PATCH This Month

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-9954 MEDIUM PATCH This Month

The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-9955 MEDIUM PATCH This Month

The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-1870 MEDIUM PATCH This Month

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Automatic Bug Reporting Tool
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3142 MEDIUM This Month

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Automatic Bug Reporting Tool
NVD
CVSS 3.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy