Skip to main content
CVE-2017-1000083 HIGH POC PATCH THREAT Act Now

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.7%.

Information Disclosure Checkpoint Evince Debian Linux Enterprise Linux Desktop +5
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
76.7%
Threat
5.4
CVE-2017-1129 MEDIUM POC PATCH THREAT This Month

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Denial Of Service IBM Inotes Expeditor
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
68.5%
Threat
4.9
CVE-2017-1130 MEDIUM POC PATCH THREAT This Month

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.5%.

Denial Of Service IBM Inotes
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
65.5%
Threat
4.8
CVE-2017-14145 CRITICAL POC Act Now

HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Helpdezk
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-2862 HIGH POC This Week

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Gdk Pixbuf Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2017-2870 HIGH POC This Week

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gdk Pixbuf Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2017-14158 HIGH POC GHSA This Week

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Scrapy
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-2779 HIGH POC This Week

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Labview
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-14149 HIGH POC This Week

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Goahead
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-3086 CRITICAL PATCH Act Now

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Hadoop
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14108 MEDIUM POC This Month

libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gedit
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2017-2821 HIGH This Week

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free RCE Perceptive Document Filters
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2017-14152 HIGH PATCH This Week

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service RCE Openjpeg +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-14151 HIGH PATCH This Week

An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2017-14146 HIGH This Week

HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Helpdezk
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-1097 HIGH This Week

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1458 HIGH This Week

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Qradar Network Security
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-2822 HIGH This Week

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Perceptive Document Filters
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-2807 HIGH This Week

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Ledger
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-2808 HIGH This Week

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Use After Free RCE Ledger
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1491 HIGH This Week

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Network Security
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1457 MEDIUM This Month

IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Qradar Network Security
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14156 MEDIUM PATCH This Month

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-14140 MEDIUM PATCH This Month

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-14159 MEDIUM PATCH This Month

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this. Rated medium severity (CVSS 4.7).

Information Disclosure Openldap Blockchain Platform
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2017-5698 MEDIUM This Month

Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Active Management Technology Firmware Manageability Engine Firmware Small Business Technology Firmware
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy