Skip to main content
CVE-2017-16352 HIGH POC THREAT Act Now

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.4%.

Buffer Overflow Graphicsmagick Debian Linux
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
31.4%
Threat
4.2
CVE-2017-16353 MEDIUM POC THREAT This Month

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.3%.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
32.3%
CVE-2017-16244 HIGH POC PATCH This Week

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF October
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-15918 HIGH POC This Week

Sera 1.2 stores the user's login password in plain text in their home directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sera
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16357 HIGH POC PATCH This Week

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14375 CRITICAL Act Now

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emc Unisphere Solutions Enabler Vasa Vmax Emanagement
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-1000121 CRITICAL PATCH Act Now

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apple Buffer Overflow Webkitgtk
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-14027 CRITICAL Act Now

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jetnet5018G Firmware Jetnet5310G Firmware Jetnet5428G 2G 2Fx Firmware Jetnet5628G Firmware +5
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14021 CRITICAL Act Now

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jetnet5018G Firmware Jetnet5310G Firmware Jetnet5428G 2G 2Fx Firmware Jetnet5628G Firmware +5
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-1000245 CRITICAL PATCH Act Now

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure SSH
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-16359 MEDIUM POC PATCH This Month

In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-15535 CRITICAL Act Now

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-1300 HIGH PATCH This Week

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Openpages Grc Platform
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1000244 HIGH PATCH This Week

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Favorite
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15566 HIGH This Week

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Slurm
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16358 HIGH PATCH This Week

In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14376 HIGH This Week

EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Appsync
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16248 HIGH This Week

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Catalyst Plugin Static Simple
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14992 MEDIUM PATCH This Month

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Docker
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1553 MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1290 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1147 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3048 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1001001 MEDIUM This Month

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pluxml
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1552 MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1554 MEDIUM PATCH This Month

IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Biginsights
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1000122 MEDIUM This Month

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Webkitgtk
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1148 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Openpages Grc Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1333 MEDIUM PATCH This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Openpages Grc Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1340 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2017-12625 MEDIUM PATCH This Month

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Hive
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-1000243 MEDIUM PATCH This Month

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Jenkins Favorite Plugin
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2017-1000242 LOW PATCH Monitor

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Git Client
NVD
CVSS 3.0
3.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy