Skip to main content
CVE-2017-1000170 HIGH POC THREAT Act Now

jqueryFileTree 2.1.5 and older Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.0%.

Path Traversal Jqueryfiletree
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
90.0%
Threat
5.7
CVE-2017-16877 HIGH POC PATCH THREAT Act Now

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.8%.

Path Traversal Next.js
NVD GitHub
CVSS 3.0
7.5
EPSS
80.8%
Threat
5.4
CVE-2017-6168 HIGH POC THREAT Act Now

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.2%.

Information Disclosure Big Ip Ltm Big Ip Application Acceleration Manager Big Ip Afm Big Ip Analytics +5
NVD
CVSS 3.0
7.4
EPSS
76.2%
Threat
5.3
CVE-2017-1000238 HIGH POC This Week

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Invoiceplane
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-16871 HIGH POC This Week

The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection PHP Updraftplus
NVD GitHub
CVSS 3.0
8.1
EPSS
1.1%
CVE-2017-16870 HIGH POC This Week

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF WordPress PHP Updraftplus
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-1000229 HIGH POC This Week

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Optipng Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-1000125 HIGH POC This Week

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Codiad
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1000203 HIGH PATCH This Week

ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Root
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2017-1000217 HIGH PATCH This Week

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Opencast
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-1000208 HIGH PATCH This Week

A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Swagger Codegen Swagger Parser
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-4934 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Fusion
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000241 HIGH This Week

The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openemr
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-16869 HIGH This Week

p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Upx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-4939 HIGH This Week

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE VMware Workstation
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-1000187 HIGH This Week

In SWFTools, an address access exception was found in pdf2swf. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-10887 HIGH This Week

Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Book Walker
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4937 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8).

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4935 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8).

Denial Of Service Buffer Overflow Microsoft Memory Corruption VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4936 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8).

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4927 HIGH This Week

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service LDAP Code Injection VMware Vcenter Server
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-1000189 HIGH PATCH This Week

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ejs
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-16875 HIGH This Week

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pjsip
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13703 HIGH This Week

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Eds G512E Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000200 HIGH PATCH This Week

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000230 HIGH This Week

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snap7 Server
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000198 HIGH PATCH This Week

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000129 HIGH This Week

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Serendipity
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000199 HIGH This Week

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000191 HIGH This Week

Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jool
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000247 HIGH PATCH This Week

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Apache Codeigniter
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1000195 HIGH PATCH This Week

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP October
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-4928 HIGH PATCH This Week

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SSRF CSRF Information Disclosure Vcenter Server
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-14111 HIGH This Week

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intellispace Cardiovascular Xcelera
NVD
CVSS 3.0
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy