Skip to main content
CVE-2017-8558 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow RCE Microsoft Windows Defender Endpoint Protection +3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
57.8%
Threat
4.8
CVE-2017-10672 CRITICAL POC THREAT Emergency

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Memory Corruption Use After Free RCE Xml Libxml Debian Linux
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2017-10682 CRITICAL POC PATCH Act Now

SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Piwigo
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-10681 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-10680 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-10678 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-10688 HIGH POC This Week

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
3.8%
CVE-2017-10686 HIGH POC This Week

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Buffer Overflow RCE Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-10679 HIGH POC PATCH This Week

Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Piwigo
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-4997 CRITICAL Act Now

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Emc Vasa Provider Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2017-10684 CRITICAL Act Now

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Ncurses
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-10685 CRITICAL Act Now

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ncurses
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-2848 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-2849 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2847 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2846 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2845 HIGH This Week

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-2844 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-2850 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-5528 HIGH This Week

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Jasperreports Server Jaspersoft Jaspersoft Reporting And Analytics
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-8613 HIGH This Week

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Active Directory Connect
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2017-10671 HIGH PATCH This Week

Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Sthttpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-3748 HIGH This Week

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-10683 HIGH This Week

In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mpg123
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2017-10687 HIGH This Week

In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-10042 HIGH This Week

Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Information Disclosure Swisscom Internet Box Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-2851 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2017-8576 HIGH PATCH This Week

The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted. Rated high severity (CVSS 7.0).

RCE Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.0
EPSS
1.3%
CVE-2017-8579 HIGH PATCH This Week

The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted. Rated high severity (CVSS 7.0).

RCE Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.0
EPSS
0.7%
CVE-2017-1310 MEDIUM PATCH This Month

IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow IBM Informix Dynamic Server
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-3750 MEDIUM This Month

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Lenovo Android
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2017-3749 MEDIUM This Month

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Lenovo Android
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2017-10673 MEDIUM PATCH This Month

admin/profile.php in GetSimple CMS 3.x has XSS in a name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-10667 MEDIUM This Month

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8575 MEDIUM PATCH This Month

The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.5
EPSS
2.1%
CVE-2017-3747 MEDIUM This Month

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Lenovo Nerve Center
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8554 MEDIUM PATCH This Month

The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
1.3%
CVE-2017-5529 MEDIUM This Month

JasperReports library components contain an information disclosure vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jasperreports Library Community Edition Jasperreports Library For Activematrix Bpm Jasperreports Professional Jasperreports Server +5
NVD
CVSS 3.0
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy