Skip to main content
CVE-2017-11456 HIGH POC This Week

Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gwr352 3G Router Firmware Gwr352Wv Wide Voltage 3G Router Firmware Gwr252 Edge Router Firmware Gwr202 Gprs Router Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.2%
CVE-2017-9245 HIGH POC This Week

The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure News And Weather
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-11449 HIGH PATCH This Week

coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-11450 HIGH PATCH This Week

coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-1218 HIGH This Week

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Bigfix Platform
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-7507 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Glpi
NVD GitHub
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-11464 HIGH PATCH This Week

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Librsvg
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-1309 HIGH PATCH This Week

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1224 HIGH This Week

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy