Skip to main content
CVE-2017-2988 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
60.9%
Threat
5.1
CVE-2017-2985 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
52.4%
Threat
4.8
CVE-2017-2992 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.1%
Threat
4.4
CVE-2017-2986 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
38.1%
Threat
4.4
CVE-2017-5991 HIGH POC THREAT Act Now

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.6%.

Null Pointer Dereference Denial Of Service Mupdf Debian Linux
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
17.6%
CVE-2016-8866 HIGH POC PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Leap Opensuse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2016-6079 HIGH POC PATCH This Week

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix Vios
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.0%
CVE-2015-8979 HIGH POC PATCH This Week

Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Debian Linux Dcmtk
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-8972 HIGH POC PATCH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Aix Vios
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-8693 HIGH POC PATCH This Week

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Jasper Opensuse Fedora
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-9560 HIGH POC PATCH This Week

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Jasper Debian Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-0313 HIGH POC This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0312 HIGH POC This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2995 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Adobe RCE Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2017-2984 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2017-2987 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Adobe Flash Player Flash Player Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
7.3%
CVE-2017-2994 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2017-2996 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2017-2990 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2017-2993 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-2982 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2017-2991 HIGH PATCH This Week

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2016-8862 HIGH PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-8677 HIGH PATCH This Week

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-6033 HIGH PATCH This Week

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF IBM Tivoli Storage Manager For Virtual Environments Data Protection For Vmware Tivoli Storage Flashcopy Manager For Vmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3801 HIGH This Week

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Computing System Director
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-0321 HIGH This Week

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-0309 HIGH This Week

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-0308 HIGH This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-0311 HIGH This Week

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-5992 HIGH PATCH This Week

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openpyxl
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2017-2981 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2980 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2979 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2978 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2977 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2976 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2975 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-2974 HIGH This Week

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2016-8684 HIGH PATCH This Week

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Graphicsmagick Opensuse Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2016-8683 HIGH PATCH This Week

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Graphicsmagick Opensuse Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-8682 HIGH PATCH This Week

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-10089 HIGH This Week

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1881 HIGH This Week

The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1889 HIGH This Week

Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1883 HIGH This Week

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1880 HIGH This Week

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Privilege Escalation Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0324 HIGH This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0323 HIGH This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0322 HIGH This Week

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy