Skip to main content
CVE-2015-4455 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.3%.

RCE WordPress PHP File Upload Aviary Image Editor Add On For Gravity Forms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.3%
Threat
5.9
CVE-2015-5609 CRITICAL POC Act Now

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Image Export
NVD
CVSS 3.0
9.1
EPSS
1.2%
CVE-2016-9843 CRITICAL Act Now

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

Information Disclosure Zlib Leap Opensuse Debian Linux +20
NVD GitHub
CVSS 3.1
9.8
EPSS
15.1%
CVE-2016-9841 CRITICAL Act Now

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Information Disclosure Zlib Leap Opensuse Debian Linux +35
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
13.5%
CVE-2017-9214 CRITICAL PATCH Act Now

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Openvswitch Debian Linux Openstack +2
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2016-7978 CRITICAL PATCH Act Now

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Ghostscript
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-7979 CRITICAL PATCH Act Now

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Ghostscript
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-5178 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Leap Opensuse +4
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-6131 CRITICAL Act Now

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +6
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-6821 CRITICAL Act Now

Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zimbra Collaboration Suite
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-6813 CRITICAL Act Now

A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-9170 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9153 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9151 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9192 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9191 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9173 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9172 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9169 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9168 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9167 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9160 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9200 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9171 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9162 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9152 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9199 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9198 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9197 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9196 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9195 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9194 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9193 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9188 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "left shift ... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9187 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9186 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9185 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9184 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9183 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9166 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9165 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9164 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9163 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9161 CRITICAL Act Now

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Autotrace
NVD
CVSS 3.0
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy