Skip to main content
CVE-2017-15275 HIGH Act Now

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Buffer Overflow Samba Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
7.5
EPSS
43.3%
CVE-2017-14746 CRITICAL Emergency

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.3% and no vendor patch available.

Memory Corruption Use After Free RCE Samba Ubuntu Linux +4
NVD
CVSS 3.1
9.8
EPSS
31.3%
CVE-2017-16957 HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2017-16958 HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-15055 HIGH POC PATCH This Week

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-15054 HIGH POC PATCH This Week

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Teampass
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-1000214 CRITICAL Act Now

GitPHP by xiphux is vulnerable to OS Command Injections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gitphp
NVD GitHub
CVSS 3.0
9.8
EPSS
7.2%
CVE-2017-16959 MEDIUM POC This Month

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Path Traversal Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-16961 MEDIUM POC This Month

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bigtree Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-16994 MEDIUM POC PATCH This Month

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.8%
CVE-2017-8045 CRITICAL PATCH Act Now

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java RCE Spring Advanced Message Queuing Protocol
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-14586 CRITICAL Act Now

The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hipchat
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2017-16962 MEDIUM POC This Month

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Google Communigate Pro
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-16956 MEDIUM POC This Month

b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1001002 CRITICAL PATCH Act Now

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Math Js
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-1001003 CRITICAL PATCH Act Now

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mathjs
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-15051 MEDIUM POC PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-14176 HIGH PATCH GHSA This Week

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux Bazaar
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2017-16960 HIGH This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Er5510G Tl Er5520G Tl Er6120G +51
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1001004 HIGH PATCH This Week

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Typed Function
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-15053 MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-15052 MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-16955 HIGH This Week

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Inlinks
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1000207 HIGH PATCH This Week

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Swagger Codegen Swagger Parser
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-0910 HIGH PATCH This Week

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zulip Server
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8038 HIGH This Week

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Credhub Release
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8028 HIGH PATCH This Week

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Java Spring Ldap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-15114 HIGH PATCH This Week

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Openstack Platform
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2017-4995 HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java RCE Spring Security
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2017-1000159 HIGH PATCH This Week

Command injection in evince via filename when printing to PDF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Evince
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14390 HIGH This Week

In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-14585 HIGH This Week

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Hipchat Data Center Hipchat Server
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2017-9316 MEDIUM PATCH This Month

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

RCE Authentication Bypass Dahua Nvr11Hs Firmware Ipc Hdw4300S Firmware +7
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2017-1628 MEDIUM This Month

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-15100 MEDIUM PATCH This Month

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Foreman Satellite Satellite Capsule
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-8044 MEDIUM This Month

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Single Sign On For Pivotal Cloud Foundry
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-8039 MEDIUM PATCH This Month

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Spring Web Flow
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-1689 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1688 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1678 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1650 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1607 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1593 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1560 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1461 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8031 MEDIUM PATCH This Month

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Cf Release Uaa Release
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2017-1283 MEDIUM This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-1484 MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1570 MEDIUM This Month

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1240 MEDIUM This Month

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy