Skip to main content
CVE-2017-17562 HIGH POC KEV PATCH THREAT Act Now

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
94.3%
Threat
7.4
CVE-2017-11907 HIGH POC PATCH THREAT Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.2%.

Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.2%
Threat
5.3
CVE-2017-11911 HIGH POC PATCH THREAT Act Now

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.0%.

Buffer Overflow RCE Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.0%
Threat
5.2
CVE-2017-11909 HIGH POC PATCH THREAT Act Now

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.0%.

Buffer Overflow RCE Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.0%
Threat
5.2
CVE-2017-11893 HIGH POC PATCH THREAT Act Now

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.0%.

Buffer Overflow RCE Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.0%
Threat
5.2
CVE-2017-11918 HIGH POC PATCH THREAT Act Now

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.4%.

Buffer Overflow Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
73.4%
Threat
5.2
CVE-2017-11914 HIGH POC PATCH THREAT Act Now

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.4%.

Buffer Overflow Microsoft Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
73.4%
Threat
5.2
CVE-2017-11903 HIGH POC PATCH THREAT Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 60.8%.

Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
60.8%
Threat
4.8
CVE-2017-11890 HIGH POC PATCH THREAT Act Now

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 59.4%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
59.4%
Threat
4.8
CVE-2017-11935 HIGH PATCH Act Now

Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-11912 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.0%.

Buffer Overflow Microsoft Chakracore Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
32.0%
CVE-2017-11895 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.0%.

Buffer Overflow Microsoft Chakracore Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
32.0%
CVE-2017-11894 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.0%.

Buffer Overflow Microsoft Chakracore Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
32.0%
CVE-2017-11910 HIGH PATCH Act Now

ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11908 HIGH PATCH Act Now

ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11905 HIGH PATCH Act Now

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11889 HIGH PATCH Act Now

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4%.

Buffer Overflow RCE Microsoft Chakracore Edge
NVD
CVSS 3.0
7.5
EPSS
24.4%
CVE-2017-11916 HIGH PATCH Act Now

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.9%.

Buffer Overflow RCE Chakracore
NVD
CVSS 3.0
7.5
EPSS
23.9%
CVE-2017-5717 HIGH POC This Week

Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Information Disclosure Graphics Driver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-11936 HIGH PATCH Act Now

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.0%.

Microsoft Information Disclosure Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
15.0%
CVE-2017-11930 HIGH PATCH Act Now

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Chakracore Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11913 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11901 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11888 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11886 HIGH PATCH Act Now

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-17561 HIGH POC This Week

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Seacms
NVD GitHub
CVSS 3.0
7.2
EPSS
0.6%
CVE-2017-11932 HIGH PATCH Act Now

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.8%.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.0
8.1
EPSS
14.8%
CVE-2017-16689 HIGH This Week

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Sap Kernel
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-16690 HIGH This Week

A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Plant Connectivity
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-17566 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. Rated high severity (CVSS 7.8).

Denial Of Service Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17564 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference. Rated high severity (CVSS 7.8).

Denial Of Service Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17563 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count. Rated high severity (CVSS 7.8). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-16680 HIGH This Week

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Hana Extended Application Services
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-16682 HIGH This Week

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP Netweaver Internet Transaction Server Business Application Software Integrated Solution
NVD
CVSS 3.0
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy