Skip to main content
CVE-2017-3163 HIGH PATCH Act Now

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Path Traversal Apache Solr
NVD
CVSS 3.0
7.5
EPSS
11.9%
CVE-2017-1440 HIGH PATCH This Week

IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Emptoris Services Procurement
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2017-14041 HIGH PATCH This Week

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service RCE Openjpeg +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2017-14040 HIGH PATCH This Week

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-12704 HIGH This Week

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-14039 HIGH PATCH This Week

A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-4462 HIGH This Week

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Ofbiz
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-12702 HIGH This Week

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webaccess
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-1442 HIGH PATCH This Week

IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Emptoris Services Procurement
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12069 HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 Wincc Local Discovery Server +1
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-14032 HIGH PATCH This Week

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-12717 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-13774 HIGH This Week

Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Hikvision Information Disclosure Ivms 4200
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12713 HIGH This Week

An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12711 HIGH This Week

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11157 HIGH This Week

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Microsoft Cloud Station Backup
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13765 HIGH PATCH This Week

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-13780 HIGH This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-12710 HIGH This Week

A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13764 HIGH PATCH This Week

In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-12734 HIGH PATCH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-13763 HIGH PATCH This Week

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Onos
NVD VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-13766 HIGH PATCH This Week

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-13767 HIGH PATCH This Week

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12735 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy