CVEs classified under CWE-417, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2019-9855 — CVSS 9.8 (critical): LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands…
CVE-2017-1000197 — CVSS 9.8 (critical): October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on…
CVE-2017-7480 — CVSS 9.8 (critical): rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential…
CVE-2017-6520 — CVSS 9.1 (critical): The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are…
CVE-2017-3969 — CVSS 8.2 (high): Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows…
CVE-2017-7760 — CVSS 7.8 (high): The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the…
CVE-2018-14900 — CVSS 7.5 (high): On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the…
CVE-2018-5254 — CVSS 7.5 (high): Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an…
CVE-2016-9879 — CVSS 7.5 (high): An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not…
CVE-2018-8929 — CVSS 7.3 (high): Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before…
CVE-2019-14318 — CVSS 5.9 (medium): Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to…
CVE-2017-2712 — CVSS 5.3 (medium): S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency…
CVE-2017-8822 — CVSS 3.7 (low): In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays…
CVE-2018-6556 — CVSS 3.3 (low): lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an…