Skip to main content
CVE-2017-1000083 HIGH POC PATCH THREAT Act Now

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.7%.

Information Disclosure Checkpoint Evince Debian Linux Enterprise Linux Desktop +5
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
76.7%
Threat
5.4
CVE-2017-2862 HIGH POC This Week

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Gdk Pixbuf Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2017-2870 HIGH POC This Week

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gdk Pixbuf Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2017-14158 HIGH POC GHSA This Week

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Scrapy
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-2779 HIGH POC This Week

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Labview
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-14149 HIGH POC This Week

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Goahead
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-2821 HIGH This Week

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free RCE Perceptive Document Filters
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2017-14152 HIGH PATCH This Week

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service RCE Openjpeg +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-14151 HIGH PATCH This Week

An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2017-14146 HIGH This Week

HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Helpdezk
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-1097 HIGH This Week

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1458 HIGH This Week

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Qradar Network Security
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-2822 HIGH This Week

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Perceptive Document Filters
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-2807 HIGH This Week

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Ledger
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-2808 HIGH This Week

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Use After Free RCE Ledger
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1491 HIGH This Week

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Network Security
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy