Skip to main content
CVE-2017-11662 HIGH POC THREAT Act Now

The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.2%.

Buffer Overflow Denial Of Service Information Disclosure Wildmidi
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.2%
CVE-2017-11661 HIGH POC THREAT Act Now

The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Buffer Overflow Denial Of Service Information Disclosure Wildmidi
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2017-7556 HIGH PATCH This Week

Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Hawtio
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6710 HIGH This Week

A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Virtual Network Function Element Manager
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2017-6768 HIGH This Week

A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6771 HIGH This Week

A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6767 HIGH This Week

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
CVSS 3.0
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy