Skip to main content
CVE-2017-12635 CRITICAL POC THREAT Emergency

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.1%.

Apache Privilege Escalation RCE Couchdb
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.1%
Threat
6.3
CVE-2017-12636 HIGH POC THREAT Act Now

CouchDB administrative users can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

Apache Command Injection Couchdb
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
93.8%
Threat
5.8
CVE-2017-16820 CRITICAL PATCH Act Now

The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Collectd
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2017-10269 CRITICAL PATCH Act Now

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Tuxedo
NVD
CVSS 3.0
10.0
EPSS
2.1%
CVE-2017-10272 CRITICAL PATCH Act Now

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Tuxedo
NVD
CVSS 3.0
9.9
EPSS
1.3%
CVE-2017-9085 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Insite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6274 CRITICAL Act Now

An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-3891 CRITICAL Act Now

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-16810 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Octopus Deploy
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-6264 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Google Nvidia Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-10267 HIGH PATCH This Week

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Tuxedo
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-6275 HIGH This Week

An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-10278 HIGH PATCH This Week

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Authentication Bypass Oracle Tuxedo
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2017-16239 MEDIUM PATCH This Month

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nova
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12624 MEDIUM PATCH This Month

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Apache Cxf
NVD
CVSS 3.0
5.5
EPSS
3.6%
CVE-2017-16815 MEDIUM This Month

installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Duplicator
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-9394 MEDIUM This Month

A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Identity Governance
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-10266 MEDIUM PATCH This Month

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure Tuxedo
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2017-9369 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2017-3892 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2017-9371 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able. Rated low severity (CVSS 2.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
2.6
EPSS
0.2%
CVE-2017-3893 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with. Rated low severity (CVSS 1.9). No vendor patch available.

Buffer Overflow Qnx Software Development Platform
NVD
CVSS 3.1
1.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy