Skip to main content
CVE-2017-15882 HIGH POC This Week

The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Private Internet Access
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-5996 HIGH This Week

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Support
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-7341 HIGH This Week

An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlc
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2017-12159 HIGH PATCH This Week

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Information Disclosure Single Sign On Keycloak
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-15908 HIGH PATCH This Week

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Systemd Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-3771 HIGH This Week

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Thinkcentre M710S Firmware Thinkcentre M710T Firmware Aio E95 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12160 HIGH PATCH This Week

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keycloak
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy