Skip to main content
CVE-2015-3315 HIGH POC PATCH Act Now

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Automatic Bug Reporting Tool
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
5.3%
CVE-2017-9935 HIGH POC This Week

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure Libtiff Ubuntu Linux +1
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-9953 HIGH POC This Week

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2 Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9948 HIGH This Week

A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Skype
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2016-8493 HIGH This Week

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Forticlient
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-6662 HIGH This Week

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Cisco Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.0
8.0
EPSS
0.9%
CVE-2017-6669 HIGH This Week

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Webex Advanced Recording Format Player
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2017-9949 HIGH This Week

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-3215 HIGH PATCH This Week

The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Virtio Win
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-7458 HIGH PATCH This Week

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ntopng
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-6678 HIGH This Week

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Virtualized Packet Core
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-7459 HIGH PATCH This Week

ntopng before 3.0 allows HTTP Response Splitting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ntopng
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6324 HIGH This Week

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-7496 HIGH This Week

fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Arm Installer
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy