Skip to main content
CVE-2017-12243 HIGH POC THREAT Act Now

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Cisco Command Injection Unified Computing System Manager Firmware Firepower 9300 Security Appliance Firmware Firepower 4100 Next Generation Firewall Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
40.2%
Threat
4.3
CVE-2017-11767 CRITICAL PATCH Act Now

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.2%.

Buffer Overflow Chakracore
NVD
CVSS 3.0
9.8
EPSS
17.2%
CVE-2017-16510 CRITICAL PATCH Act Now

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-12277 HIGH This Week

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Firepower Extensible Operating System
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-12262 HIGH This Week

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller Enterprise Module
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11508 HIGH This Week

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Securitycenter
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-10873 HIGH PATCH This Week

OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openam
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2017-3736 MEDIUM PATCH This Month

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Intel Amd OpenSSL Information Disclosure
NVD GitHub
CVSS 3.0
6.5
EPSS
8.5%
CVE-2017-12276 HIGH This Week

A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Provisioning
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-10870 HIGH PATCH This Week

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Easy Postcard 2016 Easy Postcard 2017 Easy Postcard 2018 +11
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-10825 HIGH This Week

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flets Easy Setup Tool
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-12261 HIGH This Week

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Identity Services Engine Identity Services Engine Express Identity Services Engine Virtual Appliance
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-12280 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-12281 HIGH This Week

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Cisco Authentication Bypass Aironet 1800 Firmware Aironet 2800 Firmware Aironet 3800 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-12275 HIGH This Week

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2017-12274 MEDIUM This Month

A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet 1562 Firmware Aironet 2800 Firmware Aironet 3800 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12273 MEDIUM This Month

A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet 1562 Firmware Aironet 2800 Firmware Aironet 3800 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12278 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
6.3
EPSS
0.8%
CVE-2017-12283 MEDIUM This Month

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Aironet 3800 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-12282 MEDIUM This Month

A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12294 MEDIUM This Month

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12295 MEDIUM This Month

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-12279 MEDIUM This Month

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Aironet Ap Firmware
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy