Skip to main content
CVE-2017-0196 MEDIUM PATCH This Month

An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.1%.

Microsoft Information Disclosure Edge
NVD GitHub
CVSS 3.0
6.5
EPSS
19.1%
CVE-2017-1000038 MEDIUM POC This Month

WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Relevanssi
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-11362 CRITICAL Act Now

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PHP
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-1000004 CRITICAL Act Now

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Information Disclosure Atutor
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-1000044 CRITICAL PATCH Act Now

gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Gtk Vnc
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-1000043 MEDIUM POC PATCH This Month

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mapbox Js
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-1000042 MEDIUM POC PATCH This Month

Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mapbox
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7664 CRITICAL PATCH Act Now

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Openmeetings
NVD
CVSS 3.0
10.0
EPSS
0.6%
CVE-2017-1000047 CRITICAL Act Now

rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Rbenv
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2017-1000362 CRITICAL PATCH Act Now

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-1000020 CRITICAL Act Now

SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedded Web Servers
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-10601 CRITICAL Act Now

A specific device configuration can result in a commit failure condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-7673 CRITICAL PATCH Act Now

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11329 CRITICAL Act Now

GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000003 CRITICAL Act Now

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Atutor
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000056 CRITICAL PATCH Act Now

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Kubernetes Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11354 CRITICAL PATCH Act Now

Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6793 CRITICAL Act Now

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Apache RCE Java +1
NVD
CVSS 3.0
9.1
EPSS
3.6%
CVE-2017-2336 CRITICAL Act Now

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
9.6
EPSS
0.3%
CVE-2017-9609 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Blackcat Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2017-11128 MEDIUM POC This Month

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-11127 MEDIUM POC This Month

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000023 MEDIUM POC This Month

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Logicaldoc
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-11347 HIGH This Week

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Metinfo
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-11335 HIGH This Week

There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Libtiff
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-3099 HIGH PATCH This Week

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2017-1000017 HIGH PATCH This Week

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1000067 HIGH PATCH This Week

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Revolution
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7666 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Apache Openmeetings
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2341 HIGH This Week

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-7681 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Apache Openmeetings
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000069 HIGH PATCH This Week

CSRF in Bitly oauth2_proxy 2.1 during authentication flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oauth2 Proxy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000008 HIGH This Week

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chyrp Lite
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10605 HIGH This Week

On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
8.6
EPSS
0.8%
CVE-2017-2339 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2338 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2337 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2335 HIGH This Week

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-7682 HIGH PATCH This Week

Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
8.2
EPSS
0.7%
CVE-2017-1000053 HIGH This Week

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Plug
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2015-5152 HIGH This Week

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Foreman
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-1000071 HIGH This Week

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Phpcas
NVD GitHub
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-2342 HIGH This Week

MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-1000062 HIGH This Week

kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Kitto
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-11344 HIGH This Week

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +25
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2017-11345 HIGH This Week

Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +25
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2017-11311 HIGH PATCH This Week

soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Libopenmpt Openmpt
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2017-10978 HIGH PATCH This Week

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Freeradius Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2017-1182 HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2017-1000010 HIGH This Week

Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Audacity
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy