Skip to main content
CVE-2017-8558 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow RCE Microsoft Windows Defender Endpoint Protection +3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
57.8%
Threat
4.8
CVE-2017-10681 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-10680 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-10678 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-10688 HIGH POC This Week

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
3.8%
CVE-2017-10686 HIGH POC This Week

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Buffer Overflow RCE Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-10679 HIGH POC PATCH This Week

Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Piwigo
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-2848 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-2849 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2847 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2846 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2845 HIGH This Week

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-2844 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-2850 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-5528 HIGH This Week

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Jasperreports Server Jaspersoft Jaspersoft Reporting And Analytics
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-8613 HIGH This Week

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Active Directory Connect
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2017-10671 HIGH PATCH This Week

Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Sthttpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-3748 HIGH This Week

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-10683 HIGH This Week

In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mpg123
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2017-10687 HIGH This Week

In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-10042 HIGH This Week

Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Information Disclosure Swisscom Internet Box Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-2851 HIGH This Week

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2017-8576 HIGH PATCH This Week

The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted. Rated high severity (CVSS 7.0).

RCE Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.0
EPSS
1.3%
CVE-2017-8579 HIGH PATCH This Week

The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted. Rated high severity (CVSS 7.0).

RCE Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy