Skip to main content
CVE-2017-8779 HIGH POC PATCH THREAT Act Now

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.4%.

Denial Of Service Rpcbind Libtirpc Ntirpc
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
81.4%
Threat
5.4
CVE-2017-3730 HIGH POC PATCH THREAT Act Now

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Null Pointer Dereference Denial Of Service Microsoft OpenSSL Agile Engineering Data Management +5
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
53.0%
Threat
4.6
CVE-2016-7054 HIGH POC PATCH THREAT Act Now

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.8%.

Authentication Bypass OpenSSL
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
24.8%
CVE-2017-3731 HIGH PATCH Act Now

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6%.

Buffer Overflow OpenSSL Information Disclosure Node Js
NVD GitHub
CVSS 3.1
7.5
EPSS
12.6%
CVE-2017-3733 HIGH This Week

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Operations Agent
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-7053 HIGH This Week

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service OpenSSL
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-8776 HIGH This Week

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Antivirus Pro Internet Security Total Security
NVD
CVSS 3.1
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy