Skip to main content
CVE-2017-0290 HIGH POC PATCH THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.8%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
87.8%
Threat
5.7
CVE-2017-3068 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
68.5%
Threat
5.3
CVE-2017-3074 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3072 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3070 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3069 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3073 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Buffer Overflow RCE Adobe +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-3071 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2016-9251 HIGH This Week

In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-3067 HIGH This Week

Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Experience Manager Forms
NVD
CVSS 3.0
7.5
EPSS
4.5%
CVE-2017-8854 HIGH PATCH This Week

wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Wolfssl
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0344 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Privilege Escalation Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0351 HIGH This Week

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0350 HIGH This Week

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0349 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0348 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0347 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0346 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0345 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0342 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0341 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Microsoft Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0352 HIGH This Week

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Gpu Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9253 HIGH This Week

In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-8853 HIGH PATCH This Week

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Fiyo Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-6799 HIGH PATCH This Week

Product: Apache Cordova Android 5.2.2 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Apache Information Disclosure Cordova
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-8855 HIGH PATCH This Week

wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9256 HIGH This Week

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +7
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-0343 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Race Condition Microsoft Nvidia Gpu Driver
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy