Skip to main content
CVE-2017-11144 HIGH Act Now

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.7% and no vendor patch available.

Denial Of Service OpenSSL PHP
NVD
CVSS 3.0
7.5
EPSS
40.7%
CVE-2017-11142 HIGH PATCH Act Now

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.2%.

Denial Of Service PHP
NVD GitHub
CVSS 3.0
7.5
EPSS
15.2%
CVE-2017-11143 HIGH PATCH This Week

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption PHP Deserialization Use After Free
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2017-11145 HIGH PATCH This Week

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure
NVD GitHub
CVSS 3.0
7.5
EPSS
7.7%
CVE-2017-1337 HIGH This Week

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Java Information Disclosure Websphere Mq
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-7670 HIGH PATCH This Week

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Apache Traffic Control
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-6729 HIGH This Week

A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5000 Software
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-6731 HIGH This Week

A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-10397 HIGH PATCH This Week

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-5652 HIGH This Week

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6728 HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Apple Cisco Privilege Escalation Ios Xr
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy