Skip to main content
CVE-2017-17090 HIGH POC THREAT Act Now

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.

Information Disclosure Certified Asterisk Asterisk
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
80.6%
Threat
5.4
CVE-2017-17095 HIGH POC This Week

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libtiff
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.0%
CVE-2017-17091 HIGH PATCH This Week

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass PHP
NVD GitHub
CVSS 3.0
8.8
EPSS
4.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy