Skip to main content
CVE-2017-17405 HIGH POC PATCH THREAT Act Now

Ruby before 2.4.3 allows Net::FTP command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Command Injection Ruby Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
88.6%
Threat
5.9
CVE-2017-12373 MEDIUM POC THREAT This Month

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 66.9%.

Oracle Cisco Information Disclosure Adaptive Security Appliance 5505 Firmware Adaptive Security Appliance 5510 Firmware +3
NVD
CVSS 3.0
5.9
EPSS
66.9%
Threat
4.7
CVE-2017-17670 HIGH POC CISA Act Now

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Vlc Media Player Debian Linux
NVD
CVSS 3.0
8.8
EPSS
1.3%
Threat
5.3
CVE-2017-17701 CRITICAL POC Act Now

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-17700 CRITICAL POC Act Now

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-17699 CRITICAL POC Act Now

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-17695 HIGH POC This Week

Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Techno Portfolio Management Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17697 HIGH POC This Week

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
CVE-2017-16776 HIGH POC This Week

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Conserus Workflow Intelligence
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2017-16787 MEDIUM POC This Month

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lantime Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.2%
CVE-2017-14101 CRITICAL Act Now

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Conserus Image Repository
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-17694 MEDIUM POC This Month

Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Techno Portfolio Management Panel
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14184 HIGH This Week

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Fortinet Information Disclosure Forticlient Forticlient Sslvpn Client
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-17696 MEDIUM POC This Month

Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Techno Portfolio Management Panel
NVD GitHub
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-17693 MEDIUM POC This Month

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Techno Portfolio Management Panel
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-16788 HIGH This Week

Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lantime Firmware
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2017-17698 MEDIUM This Month

Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Password Manager Pro
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2017-17556 MEDIUM This Month

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Synaptics Touchpad Driver
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2017-15890 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Mailplus Server
NVD
CVSS 3.0
4.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy