Skip to main content
CVE-2017-5359 HIGH POC THREAT Act Now

EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.4%.

Denial Of Service Sql Iplug
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
37.4%
Threat
4.1
CVE-2017-6827 HIGH Act Now

Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

Buffer Overflow Audiofile
NVD
CVSS 3.0
7.8
EPSS
33.8%
CVE-2017-6366 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Netgear Dgn2200 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6060 HIGH POC This Week

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mupdf Debian Linux
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.9%
CVE-2016-10197 HIGH POC PATCH This Week

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Debian Linux Libevent
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2017-6429 HIGH POC PATCH This Week

Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2016-10249 HIGH POC PATCH This Week

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-10251 HIGH POC PATCH This Week

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-10250 HIGH POC PATCH This Week

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-10196 HIGH POC PATCH This Week

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service Debian Linux Libevent +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2016-10248 HIGH POC PATCH This Week

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6438 HIGH POC This Week

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Libplist
NVD GitHub
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-6828 HIGH Act Now

Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 17.2% and no vendor patch available.

Buffer Overflow Audiofile
NVD
CVSS 3.0
7.8
EPSS
17.2%
CVE-2017-6914 HIGH POC PATCH This Week

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-3854 HIGH This Week

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Wireless Lan Controller Firmware Wireless Lan Controller Software
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2017-3819 HIGH This Week

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Asr 5000 Series Software Virtualized Packet Core
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-3846 HIGH This Week

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Tidal Enterprise Scheduler
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2015-8982 HIGH PATCH This Week

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Integer Overflow RCE Denial Of Service Buffer Overflow Glibc
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2016-10168 HIGH PATCH This Week

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-6852 HIGH PATCH This Week

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-6843 HIGH This Week

Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-6844 HIGH This Week

Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2015-8895 HIGH PATCH This Week

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-6189 HIGH This Week

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Kindle For Pc
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-5580 HIGH PATCH This Week

The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Virglrenderer
NVD
CVSS 3.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy