Skip to main content
CVE-2016-8386 HIGH POC This Week

An exploitable heap-based buffer overflow exists in Iceni Argus. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Argus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-8385 HIGH POC This Week

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Argus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5927 HIGH POC This Week

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A64 Athlon Ii 640 X4 E 350 Fx 8120 8 Core +16
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-5926 HIGH POC This Week

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure A64 Athlon Ii 640 X4 E 350 +17
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-5925 HIGH POC This Week

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Intel Information Disclosure A64 Athlon Ii 640 X4 E 350 +17
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-5946 CRITICAL PATCH Act Now

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rubyzip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2015-8903 MEDIUM POC PATCH This Month

The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2015-8901 MEDIUM POC This Month

ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2015-8902 MEDIUM POC This Month

The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-6350 CRITICAL PATCH Act Now

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-6344 MEDIUM POC This Month

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Pdf Plugin
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-6349 CRITICAL PATCH Act Now

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-6297 MEDIUM POC This Month

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-6342 CRITICAL Act Now

An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Dahua Camera Firmware Nvr Firmware Smartpss Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-8900 MEDIUM POC PATCH This Month

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-2682 HIGH This Week

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Ruggedcom Network Management Software
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6343 HIGH This Week

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dahua Camera Firmware Nvr Firmware Smartpss Firmware
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2017-2683 HIGH This Week

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Network Management Software
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8387 HIGH This Week

An exploitable heap-based buffer overflow exists in Iceni Argus. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Argus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-9818 MEDIUM PATCH This Month

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-9817 MEDIUM PATCH This Month

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-8105 MEDIUM This Month

Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel X710 Series Driver Xl710 Series Driver
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-9816 MEDIUM PATCH This Month

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-9815 MEDIUM PATCH This Month

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6341 MEDIUM This Month

Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dahua Camera Firmware Nvr Firmware Smartpss Firmware
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-5240 MEDIUM This Month

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Graphicsmagick
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2016-10028 MEDIUM PATCH This Month

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-10029 MEDIUM PATCH This Month

The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-5928 LOW Monitor

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure High Resolution Time Api
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2016-7553 LOW PATCH Monitor

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Buf Pl
NVD GitHub
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy