Skip to main content

CWE-417

Communication Channel Errors

10 CVEs Avg CVSS 6.9 MITRE
3
CRITICAL
3
HIGH
2
MEDIUM
2
LOW
2
POC
0
KEV

Monthly

CVE-2019-9855 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Libreoffice Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-14318 MEDIUM POC PATCH This Month

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.0
5.9
EPSS
3.2%
CVE-2018-14900 HIGH POC This Week

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wf 2750 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6556 LOW PATCH Monitor

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux Lxc Caas Platform Openstack Cloud +2
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2018-5254 HIGH This Week

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Eos
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-8822 LOW Monitor

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tor Debian Linux
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-2712 MEDIUM This Month

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure S3300 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1000197 CRITICAL PATCH Act Now

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure October
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-6520 CRITICAL Act Now

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Soundtouch 30
NVD
CVSS 3.0
9.1
EPSS
0.6%
CVE-2016-9879 Maven HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass IBM Java Apache +2
NVD
CVSS 3.0
7.5
EPSS
0.3%
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure +2
NVD
EPSS 3% CVSS 5.9
MEDIUM POC PATCH This Month

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Crypto
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wf 2750 Firmware
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux Lxc +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Eos
NVD
EPSS 0% CVSS 3.7
LOW Monitor

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tor Debian Linux
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure S3300 Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure October
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Soundtouch 30
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass IBM +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy