Skip to main content
CVE-2017-2820 HIGH POC This Week

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Poppler
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-11190 HIGH POC This Week

unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Unrar Free
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2863 HIGH POC This Week

An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Infix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-11178 HIGH POC This Week

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Finecms
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-4054 HIGH PATCH This Week

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Advanced Threat Defense
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2017-4057 HIGH PATCH This Week

Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Advanced Threat Defense
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-11196 HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11193 HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9844 HIGH This Week

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Denial Of Service Deserialization Java RCE +1
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2017-9845 HIGH This Week

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2017-2814 HIGH This Week

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Poppler
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-4055 HIGH PATCH This Week

Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Advanced Threat Defense
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-2818 HIGH This Week

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Poppler
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-9977 HIGH This Week

AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Anti Virus
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-11188 HIGH PATCH This Week

The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy