Skip to main content
CVE-2017-5941 CRITICAL POC THREAT Emergency

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

Deserialization Node.js RCE Node Serialize
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.9%
Threat
5.8
CVE-2016-9244 HIGH POC THREAT Act Now

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
67.5%
Threat
5.0
CVE-2015-6024 CRITICAL POC THREAT Emergency

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.3%.

Command Injection Hspa 3G10Wve Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
49.3%
Threat
4.9
CVE-2016-2148 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.8%.

Buffer Overflow Busybox Debian Linux Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
15.8%
CVE-2017-3807 HIGH POC THREAT Act Now

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Buffer Overflow Cisco Adaptive Security Appliance Software
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
17.2%
CVE-2015-6023 HIGH POC THREAT Act Now

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.6%.

Authentication Bypass Hspa 3G10Wve Firmware
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
21.6%
CVE-2016-2147 HIGH POC PATCH This Week

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Busybox Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2015-8832 HIGH POC PATCH This Week

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Dotclear
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5180 HIGH POC This Week

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Firejail
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3813 HIGH POC This Week

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-10190 CRITICAL PATCH Act Now

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2%.

Buffer Overflow RCE Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
10.2%
CVE-2016-10191 CRITICAL PATCH Act Now

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
8.7%
CVE-2016-10192 CRITICAL PATCH Act Now

Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
4.8%
CVE-2015-8831 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Dotclear
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-5591 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Sleekxmpp Slixmpp Poezio
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2017-5592 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Profanity
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2017-5590 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Chatsecure Zom
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-5606 MEDIUM POC This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Xabber
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2016-5726 CRITICAL PATCH Act Now

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Simple Machines Forum
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-5603 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jitsi
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5858 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Converse Js
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5605 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Movim
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5604 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Mcabber
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5602 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jappix
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-5593 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Psi
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-5589 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google Information Disclosure Bruno Yaxim
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-6171 HIGH PATCH This Week

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Knot Dns
NVD GitHub
CVSS 3.1
8.6
EPSS
2.1%
CVE-2017-5843 HIGH PATCH This Week

Multiple use-after-free vulnerabilities exist in GStreamer's handling of MXF (Material eXchange Format) media files, affecting versions prior to 1.10.3. Remote attackers can exploit these flaws by crafting malicious MXF files that trigger memory corruption in functions handling stream tags (gst_mini_object_unref, gst_tag_list_unref, and gst_mxf_demux_update_essence_tracks), causing application crashes and denial of service. With an EPSS score of 7.13% (91st percentile), this vulnerability has moderate real-world exploitation probability, though no KEV listing indicates limited active exploitation.

Denial Of Service Memory Corruption Use After Free
NVD VulDB
CVSS 3.0
7.5
EPSS
7.1%
CVE-2016-5727 HIGH PATCH This Week

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Simple Machines Forum
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-5840 HIGH PATCH This Week

A buffer overflow vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to cause denial of service through out-of-bounds heap memory reads. The vulnerability affects GStreamer versions before 1.10.3 and can be triggered by processing specially crafted MP4 files, making it a concern for applications that process untrusted media content. With an EPSS score of 6.86% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
6.9%
CVE-2017-5940 HIGH PATCH This Week

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-5848 HIGH PATCH This Week

This is an out-of-bounds read vulnerability in GStreamer's gst-plugins-bad MPEG demuxer component that allows remote attackers to crash applications by sending specially crafted MPEG Program Stream Map (PSM) data. The vulnerability affects GStreamer installations across multiple Linux distributions including Debian 8.0/9.0 and Red Hat Enterprise Linux 7.x variants. With an EPSS score of 6.52% (91st percentile), this vulnerability has a moderately elevated probability of exploitation in the wild, though no active exploitation or KEV listing is indicated.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
6.5%
CVE-2016-6173 HIGH This Week

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nsd
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-10199 HIGH PATCH This Week

A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5845 HIGH PATCH This Week

A memory safety vulnerability in the AVI demuxer component of GStreamer allows remote attackers to crash applications by providing a malformed AVI file with a malicious ncdt sub-tag. GStreamer versions before 1.10.3 are affected across multiple distributions. With an EPSS score of 3.11% (87th percentile), this vulnerability has moderate real-world exploitation probability, though no active exploitation (KEV listing) has been reported.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5841 HIGH PATCH This Week

An out-of-bounds heap read vulnerability exists in the gst_avi_demux_parse_ncdt function within the GStreamer gst-plugins-good component when parsing malformed AVI files containing crafted ncdt tags. GStreamer versions prior to 1.10.3 are affected, allowing remote attackers to cause denial of service without authentication or user interaction. With an EPSS score of 3.11% (87th percentile), the vulnerability shows moderate real-world exploitation likelihood, and patches are available from the vendor.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5847 HIGH PATCH This Week

A buffer overflow vulnerability in GStreamer's ASF demuxer component allows remote attackers to trigger out-of-bounds heap reads when processing malformed extended content descriptors in ASF media files. The vulnerability affects GStreamer gst-plugins-ugly and can cause denial of service through application crashes when parsing specially crafted media content. With an EPSS score of 3.07% (87th percentile), this vulnerability has moderate real-world exploitation likelihood but no known active exploitation in the wild.

Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2017-5839 HIGH This Week

A stack overflow vulnerability exists in the GStreamer multimedia framework's RIFF media handling component, where improper recursion limits when processing nested WAVEFORMATEX structures can cause denial of service crashes. The vulnerability affects GStreamer versions before 1.10.3 and allows remote attackers to crash applications using the framework without authentication. With an EPSS score of 3.04% (87th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is limited to denial of service impact only.

Denial Of Service
NVD VulDB
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-5838 HIGH PATCH This Week

A heap buffer overflow vulnerability exists in GStreamer multimedia framework versions before 1.10.3, where malformed ISO8601 datetime strings can trigger out-of-bounds memory reads. The vulnerability affects the gst_date_time_new_from_iso8601_string function and allows remote attackers to cause denial of service conditions without requiring authentication. With an EPSS score of 2.76% (86th percentile), this vulnerability has above-average likelihood of exploitation, though it is not currently listed in CISA KEV.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-4986 HIGH PATCH This Week

Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Tap
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-8494 HIGH This Week

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Connect
NVD
CVSS 3.0
7.2
EPSS
1.1%
CVE-2016-3102 HIGH PATCH This Week

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jenkins Script Security
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-5634 MEDIUM This Month

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Norwegian Air Kiosk
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2016-4987 MEDIUM PATCH This Month

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Image Gallery
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2015-8936 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Squidguard
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4988 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Jenkins Build Failure Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2017-5846 MEDIUM This Month

A out-of-bounds read vulnerability exists in GStreamer's ASF demuxer (gst-plugins-ugly) that allows remote attackers to trigger a denial of service by crafting malicious video files with specially crafted extended stream properties containing an invalid number of languages. GStreamer versions before 1.10.3 are affected, and the vulnerability is triggered through local user interaction with a malicious media file, resulting in application crashes due to invalid memory access. While EPSS scoring indicates relatively low exploitation probability (0.80%, 74th percentile), this is a straightforward denial of service with clear triggering mechanisms.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-5842 MEDIUM PATCH This Month

A out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.

Denial Of Service Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10198 MEDIUM PATCH This Month

An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-5844 MEDIUM PATCH This Month

A floating point exception vulnerability exists in GStreamer's gst_riff_create_audio_caps function within gst-plugins-base versions prior to 1.10.3, allowing remote attackers to trigger a denial of service crash by supplying a specially crafted ASF (Advanced Systems Format) audio file. The vulnerability requires user interaction (file opening) but no elevated privileges, making it exploitable through common media playback scenarios. With an EPSS score of 0.72 (72nd percentile) and confirmed patch availability from the vendor, this represents a moderate real-world risk primarily affecting applications and systems that process untrusted media files.

Denial Of Service
NVD VulDB
CVSS 3.0
5.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy