Skip to main content
CVE-2017-16651 HIGH POC KEV PATCH THREAT Act Now

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Path Traversal Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
33.3%
Threat
5.6
CVE-2015-7501 CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java Red Hat Data Grid +14
NVD
CVSS 3.0
9.8
EPSS
71.5%
Threat
4.1
CVE-2017-16669 HIGH POC PATCH This Week

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-16757 HIGH POC This Week

Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vpn
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16671 HIGH This Week

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asterisk Certified Asterisk
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2017-16758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Ultimate Instagram Feed
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-16674 HIGH PATCH This Week

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command. Rated high severity (CVSS 8.0).

Microsoft Information Disclosure Windows Agent
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-16672 MEDIUM This Month

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.0
5.9
EPSS
5.3%
CVE-2017-16759 MEDIUM PATCH This Month

The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Librenms
NVD GitHub
CVSS 3.0
5.9
EPSS
0.0%
CVE-2017-16711 MEDIUM This Month

The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-16673 MEDIUM PATCH This Month

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Backup Agent
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy