Skip to main content
CVE-2017-16943 CRITICAL POC PATCH THREAT Act Now

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

Denial Of Service Memory Corruption Use After Free RCE Exim +1
NVD GitHub
CVSS 3.0
9.8
EPSS
76.9%
Threat
5.8
CVE-2017-16944 HIGH POC THREAT Act Now

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%.

Denial Of Service Exim Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.0%
Threat
5.3
CVE-2017-16941 HIGH This Week

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload October
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-16942 MEDIUM This Month

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsndfile
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-16946 MEDIUM PATCH This Month

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.0
4.9
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy