Skip to main content
CVE-2017-13099 HIGH POC PATCH THREAT Act Now

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.7%.

Microsoft Information Disclosure Oracle Wolfssl Scalance W1750D Firmware +1
NVD GitHub
CVSS 3.0
7.5
EPSS
78.7%
Threat
5.4
CVE-2017-13098 HIGH POC PATCH THREAT Act Now

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.2%.

Microsoft Information Disclosure Java Oracle Bc Java
NVD GitHub
CVSS 3.0
7.5
EPSS
66.2%
Threat
5.0
CVE-2017-17538 HIGH POC THREAT Act Now

MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

Denial Of Service Mikrotik Router Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
22.3%
CVE-2017-17593 HIGH POC THREAT Act Now

Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

PHP File Upload Simple Chatting System
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-17615 HIGH POC This Week

Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Facebook Clone Script
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17537 HIGH POC This Week

MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routerboard
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-1635 HIGH Act Now

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Memory Corruption IBM Use After Free RCE Tivoli Monitoring
NVD
CVSS 3.0
8.0
EPSS
18.2%
CVE-2017-17568 HIGH POC This Week

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Posty Readymade Classifieds
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-17567 HIGH POC This Week

Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Posty Readymade Classifieds
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5534 HIGH This Week

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tibbr
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-17665 HIGH This Week

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Octopus Deploy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-5530 HIGH This Week

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Tibbr
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-14361 HIGH This Week

Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Project And Portfolio Management
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-14362 HIGH This Week

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Project And Portfolio Management
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-7738 HIGH This Week

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
7.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy