Skip to main content
CVE-2017-10983 HIGH PATCH This Week

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-1000363 HIGH This Week

Linux drivers/char/lp.c Out-of-Bounds Write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Linux Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2017-11399 HIGH PATCH This Week

Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-1000052 HIGH This Week

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Plug
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-2272 HIGH This Week

Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Attachecase
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2271 HIGH This Week

Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Attachecase
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2270 HIGH This Week

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecapsule Deluxe Portable
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2269 HIGH This Week

Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecapsule Deluxe Portable
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2268 HIGH This Week

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecapsule Deluxe Portable
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2267 HIGH This Week

Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecapsule Deluxe Portable
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2266 HIGH This Week

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecapsule Deluxe Portable
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2265 HIGH This Week

Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecapsule Deluxe Portable
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2253 HIGH This Week

Untrusted search path vulnerability in Installer of Yahoo!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbar
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2252 HIGH This Week

Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure File Compact
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2249 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2248 HIGH This Week

Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2247 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2246 HIGH This Week

Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaz
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1000050 HIGH This Week

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Fedora Enterprise Linux Desktop +3
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-10981 HIGH PATCH This Week

An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-10980 HIGH PATCH This Week

An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-2344 HIGH This Week

A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Juniper Privilege Escalation +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3101 HIGH This Week

Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Connect
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-7684 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Apache Openmeetings
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-10982 HIGH PATCH This Week

An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-1000018 HIGH PATCH This Week

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-7680 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-1000014 HIGH PATCH This Week

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-7688 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 updates user password in insecure manner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-10987 HIGH This Week

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-10986 HIGH PATCH This Week

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-1183 HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Tivoli Monitoring
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-10985 HIGH PATCH This Week

An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freeradius
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-11367 HIGH This Week

The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Shoco
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-1000001 HIGH PATCH This Week

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fedmsg
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7683 HIGH PATCH This Week

Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-1000066 HIGH This Week

The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-9639 HIGH This Week

An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE V Server
NVD
CVSS 3.0
7.3
EPSS
1.5%
CVE-2017-1000048 HIGH PATCH This Week

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qs
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000025 HIGH This Week

GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epiphany
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000016 HIGH PATCH This Week

A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000079 HIGH This Week

Linux foundation ONOS 1.9.0 is vulnerable to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-2348 HIGH This Week

The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-2314 HIGH This Week

Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-1000068 HIGH This Week

TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Testtrack
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-1000064 HIGH This Week

kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kitto
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-11343 HIGH This Week

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Chicken
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000080 HIGH This Week

Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-1000046 HIGH PATCH This Week

Mautic 2.6.1 and earlier fails to set flags on session cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mautic
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000024 HIGH This Week

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shotwell
NVD
CVSS 3.0
7.5
EPSS
0.2%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy