Skip to main content
CVE-2017-16352 HIGH POC THREAT Act Now

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.4%.

Buffer Overflow Graphicsmagick Debian Linux
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
31.4%
Threat
4.2
CVE-2017-16244 HIGH POC PATCH This Week

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF October
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-15918 HIGH POC This Week

Sera 1.2 stores the user's login password in plain text in their home directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sera
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16357 HIGH POC PATCH This Week

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-1300 HIGH PATCH This Week

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Openpages Grc Platform
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1000244 HIGH PATCH This Week

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Favorite
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15566 HIGH This Week

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Slurm
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16358 HIGH PATCH This Week

In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14376 HIGH This Week

EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Appsync
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16248 HIGH This Week

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Catalyst Plugin Static Simple
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy