Skip to main content
CVE-2017-7964 CRITICAL POC Act Now

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Wre6505 Firmware
NVD
CVSS 3.0
10.0
EPSS
2.7%
CVE-2017-7961 HIGH POC PATCH This Week

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Libcroco
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2017-7948 HIGH POC This Week

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Ghostscript
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-7962 MEDIUM POC PATCH This Month

The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imageworsener
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-7960 MEDIUM POC PATCH This Month

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libcroco
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7975 HIGH This Week

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Jbig2Dec
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-7963 HIGH This Week

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-7979 HIGH PATCH This Week

The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7850 HIGH This Week

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7978 HIGH This Week

Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2013-7463 HIGH This Week

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aescrypt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7976 HIGH This Week

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Jbig2Dec
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2016-7537 MEDIUM PATCH This Month

MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2014-9907 MEDIUM PATCH This Month

coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2016-7529 MEDIUM PATCH This Month

coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2016-7533 MEDIUM PATCH This Month

The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-7528 MEDIUM PATCH This Month

The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-7522 MEDIUM PATCH This Month

The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-7515 MEDIUM PATCH This Month

The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-7531 MEDIUM PATCH This Month

MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2016-7519 MEDIUM PATCH This Month

The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5410 MEDIUM PATCH This Month

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Firewalld Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7849 MEDIUM This Month

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nessus
NVD
CVSS 3.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy