Skip to main content
CVE-2017-12617 HIGH POC KEV PATCH THREAT Act Now

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache Tomcat File Upload
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
94.4%
Threat
7.5
CVE-2017-11122 HIGH POC This Week

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Broadcom Information Disclosure Bcm4355C0 Firmware Iphone Os Tvos
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-15010 HIGH PATCH This Week

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node.js Tough Cookie
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2017-0806 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Google Android
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2017-0809 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-0811 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libhevc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-0810 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-8048 HIGH This Week

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cf Release Capi Release
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-0812 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android media framework (audio hal). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0827 HIGH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0826 HIGH This Week

An elevation of privilege vulnerability in the HTC bootloader. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12818 HIGH This Week

Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sentinel Ldk Rte Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-12820 HIGH This Week

Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sentinel Ldk Rte Firmware
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-0814 HIGH PATCH This Week

An information disclosure vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-15011 HIGH This Week

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Qt
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-0820 HIGH PATCH This Week

A vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-0813 HIGH PATCH This Week

A denial of service vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-0823 HIGH PATCH This Week

An information disclosure vulnerability in the Android system (rild). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-0819 HIGH PATCH This Week

A vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-0818 HIGH PATCH This Week

A vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-0817 HIGH PATCH This Week

An information disclosure vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-0808 HIGH PATCH This Week

An information disclosure vulnerability in the Android framework (file system). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-0825 HIGH This Week

An information disclosure vulnerability in the Broadcom wifi driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Broadcom Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1541 HIGH This Week

A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
7.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy