Skip to main content
CVE-2017-11381 CRITICAL PATCH Act Now

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5%.

Trend Micro Command Injection Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
18.5%
CVE-2017-11552 MEDIUM POC This Month

mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mad Libmad
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.1%
CVE-2017-8663 HIGH PATCH Act Now

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 18.2%.

Buffer Overflow RCE Microsoft Outlook
NVD
CVSS 3.0
7.8
EPSS
18.2%
CVE-2017-8571 HIGH PATCH Act Now

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 14.4%.

Microsoft Authentication Bypass Outlook
NVD
CVSS 3.0
7.8
EPSS
14.4%
CVE-2017-12065 CRITICAL PATCH Act Now

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Cacti
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-12062 MEDIUM POC PATCH This Month

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-12131 MEDIUM POC This Month

The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Testimonials
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12068 MEDIUM POC This Month

The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Event List
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11380 CRITICAL PATCH Act Now

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Trend Micro Authentication Bypass Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-4923 CRITICAL PATCH Act Now

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-11129 CRITICAL Act Now

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Heinekingmedia
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-8572 MEDIUM PATCH This Month

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 20.4%.

Microsoft Information Disclosure Outlook
NVD
CVSS 3.0
5.5
EPSS
20.4%
CVE-2017-4921 HIGH PATCH This Week

VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

VMware Privilege Escalation Vcenter Server
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-11130 HIGH This Week

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Heinekingmedia
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-12064 HIGH PATCH This Week

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Openemr
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-12067 HIGH This Week

Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Potrace
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11135 HIGH This Week

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Authentication Bypass Heinekingmedia
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11379 HIGH PATCH This Week

Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Director
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-11133 HIGH This Week

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Heinekingmedia
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11132 HIGH This Week

An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Stashcat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2017-4922 MEDIUM PATCH This Month

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-11134 MEDIUM This Month

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Heinekingmedia
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-11136 MEDIUM This Month

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Heinekingmedia
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-12061 MEDIUM PATCH This Month

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2017-1500 MEDIUM This Month

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Mobilefirst Platform Foundation Worklight
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12132 MEDIUM PATCH This Month

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Glibc
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-11131 MEDIUM This Month

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Heinekingmedia
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-12066 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5059 MEDIUM PATCH This Month

The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy