Skip to main content
CVE-2017-11937 HIGH PATCH Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.4%.

Buffer Overflow RCE Microsoft Malware Protection Engine
NVD
CVSS 3.0
7.8
EPSS
48.4%
CVE-2017-3737 MEDIUM This Month

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 42.9% and no vendor patch available.

Buffer Overflow OpenSSL Information Disclosure Debian Linux
NVD GitHub
CVSS 3.0
5.9
EPSS
42.9%
CVE-2017-17055 CRITICAL POC Act Now

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Command Injection Artica Proxy
NVD Exploit-DB
CVSS 3.0
9.0
EPSS
3.6%
CVE-2017-17458 CRITICAL PATCH Act Now

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.2%.

RCE Command Injection Mercurial Debian Linux
NVD
CVSS 3.0
9.8
EPSS
17.2%
CVE-2017-17451 MEDIUM POC THREAT This Month

The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

XSS WordPress PHP Wp Mailster
NVD
CVSS 3.0
6.1
EPSS
14.3%
CVE-2017-16884 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mistserver
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.2%
CVE-2017-17430 CRITICAL Act Now

Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netborder Vega Session Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-17459 HIGH PATCH This Week

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fossil
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-3738 MEDIUM PATCH This Month

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 15.5%.

Intel OpenSSL Information Disclosure Debian Linux Node Js
NVD GitHub
CVSS 3.1
5.9
EPSS
15.5%
CVE-2017-1356 HIGH This Week

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Atlas Ediscovery Process Management
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-17384 HIGH PATCH This Week

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Ispconfig
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-17435 HIGH This Week

An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vt20I Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17436 HIGH This Week

An issue was discovered in the software on Vaultek Gun Safe VT20i products. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Vt20I Firmware
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-1000410 HIGH PATCH This Week

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Virtualization Host +6
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-17448 HIGH PATCH This Week

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17450 HIGH This Week

net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1271 HIGH This Week

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1433 MEDIUM This Month

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-1487 MEDIUM This Month

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17381 MEDIUM This Month

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-14386 MEDIUM PATCH This Month

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dell 2355Dn Firmware 2335Dn Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15121 MEDIUM This Month

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1498 MEDIUM This Month

IBM Connections 5.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1482 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1354 MEDIUM This Month

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Atlas Ediscovery Process Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1465 MEDIUM This Month

IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-17449 MEDIUM This Month

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-1336 MEDIUM This Month

IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection IBM Infosphere Biginsights
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2017-1481 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1342 MEDIUM This Month

IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Insights Foundation For Energy
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-1341 LOW Monitor

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1497 LOW Monitor

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1355 LOW Monitor

IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Atlas Ediscovery Process Management
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-1353 LOW Monitor

IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Atlas Ediscovery Process Management
NVD
CVSS 3.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy