Skip to main content
CVE-2017-11657 HIGH POC This Week

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dashlane
NVD Exploit-DB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2017-10949 HIGH Act Now

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0% and no vendor patch available.

Path Traversal Dell Information Disclosure Storage Manager 2016
NVD
CVSS 3.0
7.5
EPSS
18.0%
CVE-2017-12413 MEDIUM POC This Month

AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 2100 Network Camera Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-9107 CRITICAL Act Now

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Opmanager
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-10817 CRITICAL Act Now

MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Malion
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-10816 CRITICAL Act Now

SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Malion
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2017-12424 CRITICAL PATCH Act Now

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Shadow Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-10818 CRITICAL Act Now

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Malion
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-10815 HIGH This Week

MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Malion
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2017-12448 HIGH PATCH This Week

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free RCE Binutils
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-12459 HIGH PATCH This Week

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption RCE Binutils
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-12450 HIGH PATCH This Week

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption RCE Binutils
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-12458 HIGH PATCH This Week

The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12456 HIGH PATCH This Week

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12454 HIGH PATCH This Week

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12453 HIGH PATCH This Week

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12452 HIGH PATCH This Week

The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12451 HIGH PATCH This Week

The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12449 HIGH PATCH This Week

The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12455 HIGH PATCH This Week

The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12457 HIGH PATCH This Week

The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12482 HIGH This Week

The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ledger
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-12481 HIGH This Week

The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ledger
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-10820 HIGH This Week

Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ip Messenger
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2221 HIGH This Week

Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Baidu Ime
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12425 HIGH This Week

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Varnish Varnish Cache
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-12435 HIGH PATCH This Week

In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-12430 HIGH PATCH This Week

In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-12429 HIGH PATCH This Week

In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-12428 HIGH PATCH This Week

In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-12418 HIGH PATCH This Week

ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12432 MEDIUM PATCH This Month

In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-12427 MEDIUM PATCH This Month

The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-12434 MEDIUM PATCH This Month

In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12431 MEDIUM PATCH This Month

In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12433 MEDIUM PATCH This Month

In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-10819 MEDIUM This Month

MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Malion
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-1331 MEDIUM PATCH This Month

IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy