| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0290 | Hig | 0.60 | 7.8 | 0.77 | May 9, 2017 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server… | ||
| CVE-2016-8209 | Hig | 0.49 | 7.5 | 0.01 | May 8, 2017 | Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management… | ||
| CVE-2016-8202 | Hig | 0.57 | 8.8 | 0.03 | May 8, 2017 | A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface.… | ||
| CVE-2016-10369 | Hig | 0.51 | 7.8 | 0.00 | May 8, 2017 | unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | ||
| CVE-2017-6953 | Hig | 0.54 | 7.8 | 0.01 | May 8, 2017 | Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe. | ||
| CVE-2017-6051 | Hig | 0.46 | 7.0 | 0.01 | May 8, 2017 | An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in… | ||
| CVE-2017-8825 | Hig | 0.49 | 7.5 | 0.02 | May 8, 2017 | A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses. | ||
| CVE-2017-8844 | Hig | 0.51 | 7.8 | 0.02 | May 8, 2017 | The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | ||
| CVE-2017-8829 | Hig | 0.51 | 7.8 | 0.02 | May 8, 2017 | Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | ||
| CVE-2017-8804 | Hig | 0.49 | 7.5 | 0.08 | May 7, 2017 | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used)… | ||
| CVE-2017-7929 | Hig | 0.46 | 7.1 | 0.02 | May 6, 2017 | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | ||
| CVE-2017-7927 | Hig | 0.50 | 7.3 | 0.37 | May 6, 2017 | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX,… | ||
| CVE-2017-7923 | Hig | 0.57 | 8.8 | 0.02 | May 6, 2017 | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD… | ||
| CVE-2017-7911 | Hig | 0.57 | 8.8 | 0.04 | May 6, 2017 | A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | ||
| CVE-2017-6031 | Hig | 0.57 | 8.8 | 0.03 | May 6, 2017 | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | ||
| CVE-2017-1156 | Hig | 0.57 | 8.8 | 0.01 | May 5, 2017 | IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a… | ||
| CVE-2016-9692 | Hig | 0.56 | 8.6 | 0.02 | May 5, 2017 | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP… | ||
| CVE-2016-9691 | Hig | 0.56 | 8.6 | 0.01 | May 5, 2017 | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all… | ||
| CVE-2017-8793 | Hig | 0.57 | 8.8 | 0.01 | May 5, 2017 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the… | ||
| CVE-2017-8080 | Hig | 0.57 | 8.8 | 0.03 | May 5, 2017 | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||
| CVE-2017-6557 | Hig | 0.57 | 8.8 | 0.01 | May 5, 2017 | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2017-8787 | Hig | 0.57 | 8.8 | 0.02 | May 5, 2017 | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. | ||
| CVE-2017-8059 | Hig | 0.53 | 8.1 | 0.01 | May 5, 2017 | Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static… | ||
| CVE-2017-3733 | Hig | 0.50 | 7.5 | 0.13 | May 4, 2017 | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | ||
| CVE-2017-3731 | Hig | 0.53 | 7.5 | 0.58 | May 4, 2017 | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using… | ||
| CVE-2017-3730 | Hig | 0.56 | 7.5 | 0.55 | May 4, 2017 | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. | ||
| CVE-2016-7054 | Hig | 0.54 | 7.5 | 0.32 | May 4, 2017 | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. | ||
| CVE-2016-7053 | Hig | 0.50 | 7.5 | 0.22 | May 4, 2017 | In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an… | ||
| CVE-2017-8779 | Hig | 0.58 | 7.5 | 0.82 | May 4, 2017 | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no… | ||
| CVE-2017-8776 | Hig | 0.49 | 7.5 | 0.01 | May 4, 2017 | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed… | ||
| CVE-2017-6625 | Hig | 0.46 | 7.1 | 0.02 | May 3, 2017 | A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting… | ||
| CVE-2017-5481 | Hig | 0.57 | 8.8 | 0.02 | May 3, 2017 | Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | ||
| CVE-2016-9976 | Hig | 0.55 | 8.4 | 0.02 | May 3, 2017 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | ||
| CVE-2016-2930 | Hig | 0.49 | 7.5 | 0.02 | May 3, 2017 | IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | ||
| CVE-2017-5240 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2017 | Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. | ||
| CVE-2017-5236 | Hig | 0.51 | 7.8 | 0.01 | May 3, 2017 | Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | ||
| CVE-2016-10367 | Hig | 0.50 | 7.5 | 0.16 | May 3, 2017 | In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a… | ||
| CVE-2017-8455 | Hig | 0.51 | 7.8 | 0.04 | May 3, 2017 | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | ||
| CVE-2017-8454 | Hig | 0.58 | 8.8 | 0.04 | May 3, 2017 | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | ||
| CVE-2017-8453 | Hig | 0.58 | 8.8 | 0.04 | May 3, 2017 | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | ||
| CVE-2017-7431 | Hig | 0.57 | 8.8 | 0.01 | May 3, 2017 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | ||
| CVE-2017-0331 | Hig | 0.51 | 7.8 | 0.01 | May 2, 2017 | An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may… | ||
| CVE-2015-9004 | Hig | 0.44 | 7.8 | 0.01 | May 2, 2017 | kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. | ||
| CVE-2014-9940 | Hig | 0.39 | 7.0 | 0.02 | May 2, 2017 | The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | ||
| CVE-2017-8419 | Hig | 0.51 | 7.8 | 0.02 | May 2, 2017 | LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as… | ||
| CVE-2017-7483 | Hig | 0.49 | 7.5 | 0.02 | May 2, 2017 | Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. | ||
| CVE-2015-8257 | Hig | 0.62 | 8.8 | 0.18 | May 2, 2017 | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | ||
| CVE-2017-8403 | — | Hig | 0.57 | 8.8 | 0.01 | May 1, 2017 | 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android… | |
| CVE-2017-8400 | Hig | 0.57 | 8.8 | 0.02 | May 1, 2017 | In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. | ||
| CVE-2017-6565 | Hig | 0.57 | 8.8 | 0.01 | May 1, 2017 | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious… |
- risk 0.60cvss 7.8epss 0.77
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
- risk 0.49cvss 7.5epss 0.01
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management…
- risk 0.57cvss 8.8epss 0.03
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface.…
- risk 0.51cvss 7.8epss 0.00
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
- risk 0.54cvss 7.8epss 0.01
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
- risk 0.46cvss 7.0epss 0.01
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in…
- risk 0.49cvss 7.5epss 0.02
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.
- risk 0.51cvss 7.8epss 0.02
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
- risk 0.51cvss 7.8epss 0.02
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
- risk 0.49cvss 7.5epss 0.08
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used)…
- risk 0.46cvss 7.1epss 0.02
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.
- risk 0.50cvss 7.3epss 0.37
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX,…
- risk 0.57cvss 8.8epss 0.02
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD…
- risk 0.57cvss 8.8epss 0.04
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.
- risk 0.57cvss 8.8epss 0.03
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
- risk 0.57cvss 8.8epss 0.01
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a…
- risk 0.56cvss 8.6epss 0.02
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP…
- risk 0.56cvss 8.6epss 0.01
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the…
- risk 0.57cvss 8.8epss 0.03
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.
- risk 0.53cvss 8.1epss 0.01
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static…
- risk 0.50cvss 7.5epss 0.13
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
- risk 0.53cvss 7.5epss 0.58
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using…
- risk 0.56cvss 7.5epss 0.55
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
- risk 0.54cvss 7.5epss 0.32
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
- risk 0.50cvss 7.5epss 0.22
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an…
- risk 0.58cvss 7.5epss 0.82
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no…
- risk 0.49cvss 7.5epss 0.01
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed…
- risk 0.46cvss 7.1epss 0.02
A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting…
- risk 0.57cvss 8.8epss 0.02
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
- risk 0.55cvss 8.4epss 0.02
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
- risk 0.49cvss 7.5epss 0.02
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.
- risk 0.49cvss 7.5epss 0.01
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.
- risk 0.51cvss 7.8epss 0.01
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
- risk 0.50cvss 7.5epss 0.16
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a…
- risk 0.51cvss 7.8epss 0.04
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
- risk 0.58cvss 8.8epss 0.04
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
- risk 0.58cvss 8.8epss 0.04
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
- risk 0.57cvss 8.8epss 0.01
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…
- risk 0.44cvss 7.8epss 0.01
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
- risk 0.39cvss 7.0epss 0.02
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
- risk 0.51cvss 7.8epss 0.02
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as…
- risk 0.49cvss 7.5epss 0.02
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.
- risk 0.62cvss 8.8epss 0.18
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
- risk 0.57cvss 8.8epss 0.01
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android…
- risk 0.57cvss 8.8epss 0.02
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.
- risk 0.57cvss 8.8epss 0.01
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious…