Skip to main content
CVE-2017-9248 CRITICAL POC KEV THREAT Emergency

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

XSS
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
87.8%
Threat
7.6
CVE-2017-8116 CRITICAL POC Act Now

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rut900 Firmware Rut905 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
7.5%
CVE-2016-6201 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ektron Content Management System
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7919 CRITICAL Act Now

An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xps Cx Firmware Xps Qx Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5944 HIGH This Week

The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Request Tracker
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2017-5943 HIGH This Week

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Request Tracker
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-5045 HIGH This Week

NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oncommand System Manager
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-3998 HIGH This Week

NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Privilege Escalation Altavault
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-3400 HIGH This Week

NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-3997 HIGH This Week

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-6127 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Request Tracker
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-10798 MEDIUM This Month

In ObjectPlanet Opinio before 7.6.4, there is XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opinio
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5361 MEDIUM This Month

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Request Tracker
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-10799 MEDIUM PATCH This Month

When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Graphicsmagick
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-10800 MEDIUM PATCH This Month

When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Graphicsmagick
NVD
CVSS 3.0
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy