Skip to main content
CVE-2017-1000080 HIGH This Week

Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-1000046 HIGH PATCH This Week

Mautic 2.6.1 and earlier fails to set flags on session cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mautic
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000024 HIGH This Week

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shotwell
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1000026 HIGH PATCH This Week

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Mixlib Archive
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-9933 HIGH This Week

Improper cache invalidation in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
7.5
EPSS
0.0%
CVE-2017-8004 HIGH This Week

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rsa Identity Governance And Lifecycle Rsa Identity Management And Governance Rsa Via Lifecycle And Governance
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2015-0249 HIGH This Week

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Apache Roller
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-1000061 HIGH PATCH This Week

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Information Disclosure Xmlsec
NVD GitHub
CVSS 3.0
7.1
EPSS
0.6%
CVE-2017-10603 HIGH This Week

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. Rated high severity (CVSS 7.0). No vendor patch available.

Code Injection Juniper Junos
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-10602 HIGH This Week

A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Juniper Junos
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4996 HIGH This Week

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Satellite
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-1181 HIGH This Week

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy