Skip to main content
CVE-2017-12240 CRITICAL KEV THREAT Emergency

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 12.3%.

Cisco Buffer Overflow Denial Of Service RCE Apple
NVD
CVSS 3.1
9.8
EPSS
12.3%
CVE-2017-12231 HIGH KEV THREAT Act Now

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2017-12234 HIGH KEV THREAT Act Now

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2017-12233 HIGH KEV THREAT Act Now

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2017-12237 HIGH KEV THREAT Act Now

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Microsoft Apple
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2017-12235 HIGH KEV THREAT Act Now

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2017-12238 MEDIUM KEV THREAT This Month

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-12232 MEDIUM KEV THREAT This Month

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-14507 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Content Timeline
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
7.9%
CVE-2017-12229 CRITICAL Act Now

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe
NVD
CVSS 3.0
9.8
EPSS
9.3%
CVE-2017-12236 CRITICAL Act Now

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2017-14867 HIGH This Week

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Git Debian Linux
NVD
CVSS 3.0
8.8
EPSS
6.5%
CVE-2015-1027 MEDIUM POC This Month

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Toolkit Xtrabackup
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-7552 CRITICAL Act Now

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mobile Application Platform
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12226 HIGH This Week

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Privilege Escalation Ios Xe
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2017-14861 MEDIUM POC This Month

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14860 MEDIUM POC This Month

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14863 MEDIUM POC This Month

A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14866 MEDIUM POC This Month

There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14858 MEDIUM POC This Month

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14857 MEDIUM POC This Month

In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14864 MEDIUM POC This Month

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-14862 MEDIUM POC This Month

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-14859 MEDIUM POC This Month

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-12230 HIGH This Week

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Privilege Escalation Ios Xe
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-8448 HIGH This Week

An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass X Pack
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2014-2029 HIGH PATCH This Week

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Information Disclosure Toolkit
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-7687 HIGH PATCH This Week

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Mesos
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2017-9790 HIGH PATCH This Week

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Apache Memory Corruption Denial Of Service Use After Free Mesos
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-12239 MEDIUM This Month

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Privilege Escalation Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2017-12222 MEDIUM This Month

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8447 MEDIUM This Month

An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass X Pack
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7553 MEDIUM This Month

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mobile Application Platform
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2017-10701 MEDIUM This Month

Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Enterprise Portal
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-11479 MEDIUM This Month

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7554 MEDIUM PATCH This Month

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mobile Application Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12228 MEDIUM This Month

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass Cisco Information Disclosure iOS +1
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-8444 MEDIUM This Month

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-14865 MEDIUM This Month

There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy