Skip to main content
CVE-2017-11590 HIGH POC This Week

There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgxps
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-11592 HIGH POC This Week

There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-11591 HIGH POC This Week

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-11325 HIGH POC This Week

An issue was discovered in Tilde CMS 1.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Tilde Cms
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11326 HIGH POC This Week

An issue was discovered in Tilde CMS 1.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tilde Cms
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-7703 HIGH This Week

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
7.5
EPSS
8.1%
CVE-2017-11422 HIGH PATCH This Week

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Statamic
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-8036 HIGH This Week

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Capi Release
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-11587 HIGH This Week

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Residential Gateway Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9553 HIGH This Week

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Authentication Bypass Diskstation Manager
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1382 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2017-11600 HIGH This Week

net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy