Skip to main content
CVE-2017-13872 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.7%.

Apple Authentication Bypass Mac Os X
NVD GitHub Exploit-DB
CVSS 3.0
8.1
EPSS
76.7%
Threat
5.4
CVE-2017-17058 HIGH POC THREAT Act Now

The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.9%.

Path Traversal WordPress Woocommerce
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
42.9%
Threat
4.3
CVE-2017-17050 HIGH POC This Week

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17049 HIGH POC This Week

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14378 CRITICAL Act Now

EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rsa Authentication Agent Api For C Rsa Authentication Agent Sdk For C
NVD
CVSS 3.0
10.0
EPSS
2.0%
CVE-2017-14377 CRITICAL Act Now

EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Authentication Agent For Web
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2017-17059 MEDIUM POC This Month

XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Amtythumb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-14186 MEDIUM POC This Month

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.0
5.4
EPSS
3.0%
CVE-2017-8817 CRITICAL Act Now

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2017-8818 CRITICAL PATCH Act Now

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Curl Libcurl
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14189 CRITICAL Act Now

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Fortinet Information Disclosure Fortiweb Manager
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-8816 CRITICAL Act Now

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-14591 CRITICAL Act Now

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Atlassian Crucible Fisheye
NVD
CVSS 3.0
9.0
EPSS
0.7%
CVE-2017-17052 HIGH PATCH This Week

The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Use After Free Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-17053 HIGH PATCH This Week

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Use After Free Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-17054 MEDIUM PATCH This Month

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Aubio
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy