Skip to main content
CVE-2017-17562 HIGH POC KEV PATCH THREAT Act Now

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
94.3%
Threat
7.4
CVE-2017-17560 CRITICAL POC THREAT Emergency

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.4%.

RCE Authentication Bypass PHP My Cloud Pr4100 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
83.4%
Threat
6.0
CVE-2017-11907 HIGH POC PATCH THREAT Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.2%.

Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.2%
Threat
5.3
CVE-2017-1000385 MEDIUM POC THREAT This Month

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 83.9%.

Information Disclosure Erlang Otp Debian Linux
NVD
CVSS 3.0
5.9
EPSS
83.9%
Threat
5.2
CVE-2017-11911 HIGH POC PATCH THREAT Act Now

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.0%.

Buffer Overflow RCE Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.0%
Threat
5.2
CVE-2017-11909 HIGH POC PATCH THREAT Act Now

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.0%.

Buffer Overflow RCE Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.0%
Threat
5.2
CVE-2017-11893 HIGH POC PATCH THREAT Act Now

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.0%.

Buffer Overflow RCE Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.0%
Threat
5.2
CVE-2017-11918 HIGH POC PATCH THREAT Act Now

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.4%.

Buffer Overflow Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
73.4%
Threat
5.2
CVE-2017-11914 HIGH POC PATCH THREAT Act Now

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.4%.

Buffer Overflow Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
73.4%
Threat
5.2
CVE-2017-11903 HIGH POC PATCH THREAT Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 60.8%.

Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
60.8%
Threat
4.8
CVE-2017-11885 MEDIUM POC PATCH THREAT This Month

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.7%.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
6.6
EPSS
64.7%
Threat
4.8
CVE-2017-11890 HIGH POC PATCH THREAT Act Now

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 59.4%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
59.4%
Threat
4.8
CVE-2017-11906 MEDIUM POC PATCH THREAT This Month

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 58.9%.

Microsoft Information Disclosure Internet Explorer
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
58.9%
Threat
4.3
CVE-2017-11935 HIGH PATCH Act Now

Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-11912 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.0%.

Buffer Overflow Microsoft Chakracore Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
32.0%
CVE-2017-11895 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.0%.

Buffer Overflow Microsoft Chakracore Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
32.0%
CVE-2017-11894 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.0%.

Buffer Overflow Microsoft Chakracore Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
32.0%
CVE-2017-11899 CRITICAL PATCH Act Now

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.2%.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.0
9.8
EPSS
20.2%
CVE-2017-11910 HIGH PATCH Act Now

ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11908 HIGH PATCH Act Now

ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11905 HIGH PATCH Act Now

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11889 HIGH PATCH Act Now

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11916 HIGH PATCH Act Now

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.9%.

Buffer Overflow RCE Chakracore
NVD
CVSS 3.0
7.5
EPSS
23.9%
CVE-2017-5717 HIGH POC This Week

Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Information Disclosure Graphics Driver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-11936 HIGH PATCH Act Now

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.0%.

Microsoft Information Disclosure Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
15.0%
CVE-2017-11930 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Chakracore Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11913 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11901 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11888 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11886 HIGH PATCH Act Now

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-17561 HIGH POC This Week

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Seacms
NVD GitHub
CVSS 3.0
7.2
EPSS
0.6%
CVE-2017-11932 HIGH PATCH Act Now

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.8%.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.0
8.1
EPSS
14.8%
CVE-2017-11919 MEDIUM PATCH This Month

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.6%.

Microsoft Information Disclosure Chakracore Internet Explorer Edge
NVD
CVSS 3.0
5.3
EPSS
25.6%
CVE-2017-11887 MEDIUM PATCH This Month

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.6%.

Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
25.6%
CVE-2017-11927 MEDIUM PATCH This Month

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.6%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
6.5
EPSS
18.6%
CVE-2017-11934 MEDIUM PATCH This Month

Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
5.5
EPSS
23.5%
CVE-2017-16684 CRITICAL Act Now

SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Business Intelligence Promotion Management Application
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-16689 HIGH This Week

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Sap Kernel
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-16690 HIGH This Week

A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Plant Connectivity
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-17566 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. Rated high severity (CVSS 7.8).

Denial Of Service Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17564 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference. Rated high severity (CVSS 7.8).

Denial Of Service Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17563 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count. Rated high severity (CVSS 7.8). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-16680 HIGH This Week

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Hana Extended Application Services
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-16682 HIGH This Week

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP Netweaver Internet Transaction Server Business Application Software Integrated Solution
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-11939 MEDIUM PATCH This Month

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2017-17558 MEDIUM PATCH This Month

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Denial Of Service Linux Kernel +1
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16683 MEDIUM This Month

Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Businessobjects
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-16691 MEDIUM This Month

SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Application Software Integrated Solution
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17555 MEDIUM PATCH This Month

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Aubio Ffmpeg Libswresample
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12155 MEDIUM PATCH This Month

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. Rated medium severity (CVSS 6.3). This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Ceph
NVD
CVSS 3.0
6.3
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy