Skip to main content
CVE-2017-1000405 HIGH POC This Week

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
7.6%
CVE-2017-14949 HIGH POC PATCH This Week

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Restlet
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14198 HIGH This Week

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Matrix
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-12631 HIGH PATCH This Week

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Java Apache Cxf Fediz
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-12343 HIGH This Week

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-14196 HIGH This Week

An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Matrix
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-14868 HIGH PATCH This Week

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Restlet
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-17065 HIGH This Week

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service D-Link Dir 605L Model B Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-1000406 HIGH This Week

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Karaf
NVD
CVSS 3.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy