CVE-2017-9064
- EPSS 1.74%
- Veröffentlicht 18.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
CVE-2017-9065
- EPSS 4.08%
- Veröffentlicht 18.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
CVE-2017-9066
- EPSS 3.67%
- Veröffentlicht 18.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
CVE-2017-7493
- EPSS 0.37%
- Veröffentlicht 17.05.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest us...
CVE-2017-8849
- EPSS 1.95%
- Veröffentlicht 17.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
CVE-2017-7487
- EPSS 0.4%
- Veröffentlicht 14.05.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR io...
CVE-2017-8924
- EPSS 0.48%
- Veröffentlicht 12.05.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device ...
CVE-2017-8925
- EPSS 0.42%
- Veröffentlicht 12.05.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-8890
- EPSS 1.37%
- Veröffentlicht 10.05.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
CVE-2017-8844
- EPSS 1.6%
- Veröffentlicht 08.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.