Skip to main content
CVE-2017-2988 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
60.9%
Threat
5.1
CVE-2017-2985 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
52.4%
Threat
4.8
CVE-2017-2992 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.1%
Threat
4.4
CVE-2017-2986 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.1%
Threat
4.4
CVE-2013-7459 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

Buffer Overflow RCE Python Pycrypto Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
14.5%
CVE-2017-5991 HIGH POC THREAT Act Now

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.6%.

Null Pointer Dereference Denial Of Service Mupdf Debian Linux
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
17.6%
CVE-2016-3694 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Shopsoftware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-8866 HIGH POC PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Leap Opensuse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-2973 CRITICAL Act Now

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

Buffer Overflow RCE Adobe Digital Editions
NVD
CVSS 3.0
9.8
EPSS
13.3%
CVE-2016-6079 HIGH POC PATCH This Week

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix Vios
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.0%
CVE-2015-8979 HIGH POC PATCH This Week

Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Debian Linux Dcmtk
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-8972 HIGH POC PATCH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix Vios
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-8693 HIGH POC PATCH This Week

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Jasper Opensuse Fedora
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-9560 HIGH POC PATCH This Week

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Jasper Debian Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-0313 HIGH POC This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0312 HIGH POC This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-8680 MEDIUM POC PATCH This Month

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-8679 MEDIUM POC PATCH This Month

The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-2995 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2017-2984 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2017-2987 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Adobe Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
7.3%
CVE-2017-5990 MEDIUM POC PATCH This Month

An issue was discovered in PhreeBooksERP before 2017-02-13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Phreebookserp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0360 CRITICAL Act Now

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization IBM Java Websphere Mq Jms
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-2968 CRITICAL Act Now

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Code Injection Campaign
NVD
CVSS 3.0
9.1
EPSS
3.0%
CVE-2016-8681 MEDIUM POC PATCH This Month

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2016-8692 MEDIUM POC PATCH This Month

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Fedora Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-8691 MEDIUM POC PATCH This Month

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Debian Linux Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-8690 MEDIUM POC PATCH This Month

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-6832 MEDIUM POC This Month

Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libav
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-2994 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2017-2996 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2017-2990 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2017-2993 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-2982 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2016-9706 CRITICAL PATCH Act Now

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Integration Bus Websphere Message Broker
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2017-2991 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2016-8862 HIGH PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-8677 HIGH PATCH This Week

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-6033 HIGH PATCH This Week

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF IBM Tivoli Storage Manager For Virtual Environments Data Protection For Vmware Tivoli Storage Flashcopy Manager For Vmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3801 HIGH This Week

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Computing System Director
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-0321 HIGH This Week

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-0309 HIGH This Week

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-0308 HIGH This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-0311 HIGH This Week

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-5992 HIGH PATCH This Week

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openpyxl
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2017-2981 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2980 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2979 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2978 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2977 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy