Skip to main content
CVE-2016-9244 HIGH POC THREAT Act Now

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
67.5%
Threat
5.0
CVE-2017-3807 HIGH POC THREAT Act Now

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Buffer Overflow Cisco Adaptive Security Appliance Software
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
17.2%
CVE-2015-6023 HIGH POC THREAT Act Now

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.6%.

Authentication Bypass Hspa 3G10Wve Firmware
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
21.6%
CVE-2016-2147 HIGH POC PATCH This Week

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Busybox Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2015-8832 HIGH POC PATCH This Week

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Dotclear
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5180 HIGH POC This Week

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Firejail
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3813 HIGH POC This Week

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-6171 HIGH PATCH This Week

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Knot Dns
NVD GitHub
CVSS 3.1
8.6
EPSS
2.1%
CVE-2017-5843 HIGH PATCH This Week

Multiple use-after-free vulnerabilities exist in GStreamer's handling of MXF (Material eXchange Format) media files, affecting versions prior to 1.10.3. Remote attackers can exploit these flaws by crafting malicious MXF files that trigger memory corruption in functions handling stream tags (gst_mini_object_unref, gst_tag_list_unref, and gst_mxf_demux_update_essence_tracks), causing application crashes and denial of service. With an EPSS score of 7.13% (91st percentile), this vulnerability has moderate real-world exploitation probability, though no KEV listing indicates limited active exploitation.

Denial Of Service Memory Corruption Use After Free
NVD VulDB
CVSS 3.0
7.5
EPSS
7.1%
CVE-2016-5727 HIGH PATCH This Week

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Simple Machines Forum
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-5840 HIGH PATCH This Week

A buffer overflow vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to cause denial of service through out-of-bounds heap memory reads. The vulnerability affects GStreamer versions before 1.10.3 and can be triggered by processing specially crafted MP4 files, making it a concern for applications that process untrusted media content. With an EPSS score of 6.86% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
6.9%
CVE-2017-5940 HIGH PATCH This Week

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-5848 HIGH PATCH This Week

This is an out-of-bounds read vulnerability in GStreamer's gst-plugins-bad MPEG demuxer component that allows remote attackers to crash applications by sending specially crafted MPEG Program Stream Map (PSM) data. The vulnerability affects GStreamer installations across multiple Linux distributions including Debian 8.0/9.0 and Red Hat Enterprise Linux 7.x variants. With an EPSS score of 6.52% (91st percentile), this vulnerability has a moderately elevated probability of exploitation in the wild, though no active exploitation or KEV listing is indicated.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
6.5%
CVE-2016-6173 HIGH This Week

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nsd
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-10199 HIGH PATCH This Week

A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5845 HIGH PATCH This Week

A memory safety vulnerability in the AVI demuxer component of GStreamer allows remote attackers to crash applications by providing a malformed AVI file with a malicious ncdt sub-tag. GStreamer versions before 1.10.3 are affected across multiple distributions. With an EPSS score of 3.11% (87th percentile), this vulnerability has moderate real-world exploitation probability, though no active exploitation (KEV listing) has been reported.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5841 HIGH PATCH This Week

An out-of-bounds heap read vulnerability exists in the gst_avi_demux_parse_ncdt function within the GStreamer gst-plugins-good component when parsing malformed AVI files containing crafted ncdt tags. GStreamer versions prior to 1.10.3 are affected, allowing remote attackers to cause denial of service without authentication or user interaction. With an EPSS score of 3.11% (87th percentile), the vulnerability shows moderate real-world exploitation likelihood, and patches are available from the vendor.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5847 HIGH PATCH This Week

A buffer overflow vulnerability in GStreamer's ASF demuxer component allows remote attackers to trigger out-of-bounds heap reads when processing malformed extended content descriptors in ASF media files. The vulnerability affects GStreamer gst-plugins-ugly and can cause denial of service through application crashes when parsing specially crafted media content. With an EPSS score of 3.07% (87th percentile), this vulnerability has moderate real-world exploitation likelihood but no known active exploitation in the wild.

Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2017-5839 HIGH This Week

A stack overflow vulnerability exists in the GStreamer multimedia framework's RIFF media handling component, where improper recursion limits when processing nested WAVEFORMATEX structures can cause denial of service crashes. The vulnerability affects GStreamer versions before 1.10.3 and allows remote attackers to crash applications using the framework without authentication. With an EPSS score of 3.04% (87th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is limited to denial of service impact only.

Denial Of Service
NVD VulDB
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-5838 HIGH PATCH This Week

A heap buffer overflow vulnerability exists in GStreamer multimedia framework versions before 1.10.3, where malformed ISO8601 datetime strings can trigger out-of-bounds memory reads. The vulnerability affects the gst_date_time_new_from_iso8601_string function and allows remote attackers to cause denial of service conditions without requiring authentication. With an EPSS score of 2.76% (86th percentile), this vulnerability has above-average likelihood of exploitation, though it is not currently listed in CISA KEV.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-4986 HIGH PATCH This Week

Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Tap
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-8494 HIGH This Week

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Connect
NVD
CVSS 3.0
7.2
EPSS
1.1%
CVE-2016-3102 HIGH PATCH This Week

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jenkins Script Security
NVD
CVSS 3.0
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy