Skip to main content
CVE-2017-7529 HIGH Act Now

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 91.9% and no vendor patch available.

Integer Overflow Nginx Information Disclosure Puppet Enterprise Xcode
NVD
CVSS 3.1
7.5
EPSS
91.9%
Threat
4.3
CVE-2017-11200 HIGH POC This Week

SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Finecms
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11103 HIGH This Week

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Heimdal Freebsd Samba Iphone Os +2
NVD GitHub
CVSS 3.1
8.1
EPSS
5.3%
CVE-2017-11173 HIGH PATCH This Week

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rack Cors Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2017-9787 HIGH PATCH This Week

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
8.2%
CVE-2017-11310 HIGH PATCH This Week

The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9789 HIGH This Week

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Memory Corruption Use After Free Information Disclosure Http Server +1
NVD
CVSS 3.0
7.5
EPSS
6.1%
CVE-2016-8951 HIGH PATCH This Week

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service IBM Authentication Bypass Emptoris Strategic Supply Management
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6249 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Nvidia Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy