Skip to main content
CVE-2017-17090 HIGH POC THREAT Act Now

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.

Information Disclosure Certified Asterisk Asterisk
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
80.6%
Threat
5.4
CVE-2017-17095 HIGH POC This Week

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libtiff
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.0%
CVE-2017-17092 MEDIUM POC PATCH This Month

wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
4.1%
CVE-2017-17091 HIGH PATCH This Week

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass PHP
NVD GitHub
CVSS 3.0
8.8
EPSS
4.5%
CVE-2017-17094 MEDIUM PATCH This Month

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
6.6%
CVE-2017-17093 MEDIUM PATCH This Month

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
6.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy