Skip to main content
CVE-2017-15275 HIGH Act Now

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Buffer Overflow Samba Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
7.5
EPSS
43.3%
CVE-2017-16957 HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2017-16958 HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-15055 HIGH POC PATCH This Week

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-15054 HIGH POC PATCH This Week

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Teampass
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-14176 HIGH PATCH GHSA This Week

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux Bazaar
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2017-16960 HIGH This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Er5510G Tl Er5520G Tl Er6120G +51
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1001004 HIGH PATCH This Week

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Typed Function
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-16955 HIGH This Week

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Inlinks
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1000207 HIGH PATCH This Week

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Swagger Codegen Swagger Parser
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-0910 HIGH PATCH This Week

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zulip Server
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8038 HIGH This Week

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Credhub Release
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-8028 HIGH PATCH This Week

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Java Spring Ldap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-15114 HIGH PATCH This Week

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Openstack Platform
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2017-4995 HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java RCE Spring Security
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2017-1000159 HIGH PATCH This Week

Command injection in evince via filename when printing to PDF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Evince
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14390 HIGH This Week

In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-14585 HIGH This Week

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Hipchat Data Center Hipchat Server
NVD
CVSS 3.0
7.2
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy