Skip to main content
CVE-2017-11715 CRITICAL POC Act Now

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Metinfo
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-11720 CRITICAL POC Act Now

There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lame
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11705 MEDIUM POC This Month

A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ming
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-11703 MEDIUM POC This Month

A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ming
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-11704 MEDIUM POC This Month

A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ming
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-11716 MEDIUM POC This Month

MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metinfo
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11718 MEDIUM POC This Month

There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect PHP Metinfo
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11645 CRITICAL Act Now

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 4Gt101W Software 4Gt101W Bootloader
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11184 CRITICAL Act Now

SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-11647 MEDIUM POC This Month

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4Gt101W Software 4Gt101W Bootloader
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-4919 CRITICAL Act Now

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

VMware Authentication Bypass Vcenter Server
NVD
CVSS 3.0
9.0
EPSS
0.9%
CVE-2017-11694 CRITICAL Act Now

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Medhost Document Management System
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2017-11693 CRITICAL Act Now

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Medhost Document Management System
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2017-11646 HIGH This Week

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF 4Gt101W Software 4Gt101W Bootloader
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6257 HIGH This Week

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-11714 HIGH PATCH This Week

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Ghostscript Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-11719 HIGH PATCH This Week

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-6256 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6255 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6254 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6253 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6252 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6251 HIGH This Week

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Authentication Bypass Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11717 HIGH This Week

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metinfo
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-11706 HIGH This Week

The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Boozt
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-5191 MEDIUM This Month

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Rated medium severity (CVSS 6.7). No vendor patch available.

Race Condition VMware Privilege Escalation Tools
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-11722 MEDIUM PATCH This Month

The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-6260 MEDIUM This Month

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-6259 MEDIUM This Month

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-11183 MEDIUM This Month

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Glpi
NVD GitHub
CVSS 3.0
4.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy