Skip to main content
CVE-2017-11937 HIGH PATCH Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.4%.

Buffer Overflow RCE Microsoft Malware Protection Engine
NVD
CVSS 3.0
7.8
EPSS
48.4%
CVE-2017-17459 HIGH PATCH This Week

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fossil
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-1356 HIGH This Week

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Atlas Ediscovery Process Management
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-17384 HIGH PATCH This Week

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Ispconfig
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-17435 HIGH This Week

An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vt20I Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17436 HIGH This Week

An issue was discovered in the software on Vaultek Gun Safe VT20i products. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Vt20I Firmware
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-1000410 HIGH PATCH This Week

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Virtualization Host +6
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-17448 HIGH PATCH This Week

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17450 HIGH This Week

net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1271 HIGH This Week

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy