Skip to main content
CVE-2017-8797 HIGH PATCH Act Now

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.4%.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
30.4%
CVE-2017-8894 HIGH POC This Week

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Aeroadmin
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2017-10790 HIGH POC This Week

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtasn1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8893 HIGH POC This Week

AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Aeroadmin
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-10792 MEDIUM POC This Month

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Pspp
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-10791 MEDIUM POC This Month

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Pspp
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-10706 MEDIUM POC This Month

When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Antivirus Engine
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2017-10795 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Subrion
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-0377 HIGH PATCH This Week

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tor
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-10796 MEDIUM This Month

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Authentication Bypass Nc250 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-10794 MEDIUM PATCH This Month

When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Graphicsmagick
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy