Skip to main content
CVE-2017-1000253 HIGH POC KEV PATCH THREAT Act Now

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Linux
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
54.2%
Threat
6.2
CVE-2017-1000117 HIGH POC THREAT Act Now

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Open Redirect Git
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
76.4%
Threat
5.6
CVE-2017-1000112 HIGH POC PATCH THREAT Act Now

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 82.9%.

Buffer Overflow Race Condition Linux Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
82.9%
Threat
5.4
CVE-2017-1000119 HIGH POC THREAT Act Now

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.2%.

RCE PHP File Upload October
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
76.2%
Threat
5.2
CVE-2017-15035 HIGH POC THREAT Act Now

EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Buffer Overflow Denial Of Service Pyrobatchftp
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
23.0%
CVE-2017-12263 HIGH Act Now

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.4% and no vendor patch available.

Path Traversal Cisco License Manager
NVD
CVSS 3.0
7.5
EPSS
33.4%
CVE-2017-12106 HIGH POC This Week

A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Photoline
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-2880 HIGH POC This Week

An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Photoline
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-2920 HIGH POC PATCH This Week

An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Photoline
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-15019 HIGH POC This Week

LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lame
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-1000116 CRITICAL PATCH Act Now

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mercurial Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2017-15041 CRITICAL PATCH Act Now

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Debian Linux Developer Tools Enterprise Linux Eus +3
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2017-13995 CRITICAL Act Now

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ininet Webserver
NVD
CVSS 3.0
10.0
EPSS
1.6%
CVE-2017-15032 CRITICAL PATCH Act Now

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8937 CRITICAL PATCH Act Now

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-13992 HIGH This Week

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Lvis 3Me Firmware
NVD
CVSS 3.0
8.1
EPSS
8.3%
CVE-2017-14000 CRITICAL Act Now

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skyrouter Z4200 Firmware Skyrouter Z4400 Firmware
NVD
CVSS 3.0
9.4
EPSS
1.1%
CVE-2017-15018 MEDIUM POC This Month

LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Lame
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2017-12246 HIGH This Week

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
8.6
EPSS
3.3%
CVE-2017-13996 HIGH This Week

A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Lvis 3Me Firmware
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2017-14353 HIGH This Week

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection Ucmdb Foundation Software
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-1000120 HIGH This Week

[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Frappe
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-15017 HIGH PATCH This Week

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-15016 HIGH PATCH This Week

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-15015 HIGH PATCH This Week

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-1000107 HIGH PATCH This Week

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Script Security
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-1000096 HIGH PATCH This Week

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Jenkins Pipeline
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1000093 HIGH PATCH This Week

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Poll Scm
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000090 HIGH PATCH This Week

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Role Based Authorization Strategy
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-12245 HIGH This Week

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-12244 HIGH This Week

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco VMware Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
0.1%
CVE-2017-1000106 HIGH PATCH This Week

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jenkins Blue Ocean
NVD
CVSS 3.0
8.5
EPSS
0.0%
CVE-2017-15037 HIGH This Week

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Freebsd
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-1000086 HIGH PATCH This Week

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

CSRF Authentication Bypass Periodic Backup
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-1000115 HIGH PATCH This Week

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mercurial Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-13993 HIGH PATCH This Week

An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Smartlog Diabetes Management Software
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-15020 HIGH PATCH This Week

dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1000111 HIGH This Week

Linux kernel: heap out-of-bounds in AF_PACKET sockets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Linux Linux Kernel Enterprise Linux +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-12728 HIGH This Week

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Scada Webserver
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-1378 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM VMware Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1201 HIGH This Week

IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Security Compliance Analytics
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-12270 HIGH This Week

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-13998 HIGH This Week

An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Lvis 3Me Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000098 HIGH PATCH This Week

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-1000118 HIGH PATCH This Week

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Http Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-15033 HIGH PATCH This Week

ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000097 HIGH PATCH This Week

On Darwin, user's trust preferences for root certificates were not honored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-1000092 HIGH PATCH This Week

Git Plugin connects to a user-specified Git repository as part of form validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Git
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1000108 HIGH PATCH This Week

The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pipeline Input Step
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-12732 MEDIUM This Month

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. Rated medium severity (CVSS 6.8). No vendor patch available.

Buffer Overflow RCE Stack Overflow Intelligent Platforms Proficy Hmi Scada Cimplicity
NVD
CVSS 3.0
6.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy