Skip to main content
CVE-2017-10928 HIGH POC This Week

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-10918 CRITICAL Act Now

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2017-10912 CRITICAL Act Now

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2017-10921 CRITICAL PATCH Act Now

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 3.0
10.0
EPSS
1.1%
CVE-2017-10920 CRITICAL PATCH Act Now

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 3.0
10.0
EPSS
1.1%
CVE-2017-1253 CRITICAL Act Now

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Guardium
NVD
CVSS 3.0
9.9
EPSS
1.4%
CVE-2017-10913 CRITICAL Act Now

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-1175 CRITICAL Act Now

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-1269 CRITICAL Act Now

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8387 MEDIUM POC This Month

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stdu Viewer
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-10917 CRITICAL Act Now

Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xen
NVD
CVSS 3.0
9.1
EPSS
0.8%
CVE-2017-10915 CRITICAL Act Now

The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Xen
NVD
CVSS 3.0
9.0
EPSS
0.5%
CVE-2017-9925 HIGH This Week

In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-9924 HIGH This Week

In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-9927 HIGH This Week

In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Microsoft Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-9926 HIGH This Week

In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Microsoft Swftools
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-2295 HIGH This Week

Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization RCE Puppet Debian Linux
NVD
CVSS 3.0
8.2
EPSS
1.9%
CVE-2017-10914 HIGH This Week

The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Race Condition Xen
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-9528 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2017-8370 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Fpx Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2017-9914 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9903 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9902 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9901 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9900 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9899 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9898 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004cbb.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9897 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9896 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9895 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-9529 HIGH This Week

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-8766 HIGH This Week

IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a "User Mode Write AV near NULL" issue. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-8781 HIGH This Week

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-8381 HIGH This Week

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-8282 HIGH This Week

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-9883 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9882 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Block Data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9881 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9880 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9536 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9535 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9534 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9533 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9532 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-10731 HIGH This Week

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-10730 HIGH This Week

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-10729 HIGH This Week

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9879 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9878 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9877 HIGH This Week

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Fpx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy