| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6650 | Hig | 0.49 | 7.5 | 0.02 | Mar 21, 2017 | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system. | ||
| CVE-2016-4504 | Hig | 0.57 | 8.8 | 0.00 | Mar 21, 2017 | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | ||
| CVE-2017-7208 | Hig | 0.46 | 7.1 | 0.01 | Mar 21, 2017 | The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | ||
| CVE-2017-7206 | Hig | 0.46 | 7.1 | 0.01 | Mar 21, 2017 | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | ||
| CVE-2016-4929 | Hig | 0.58 | 8.8 | 0.04 | Mar 20, 2017 | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | ||
| CVE-2016-4928 | Hig | 0.57 | 8.8 | 0.01 | Mar 20, 2017 | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | ||
| CVE-2016-4927 | Hig | 0.53 | 8.1 | 0.01 | Mar 20, 2017 | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | ||
| CVE-2016-6816 | Hig | 0.45 | 7.1 | 0.40 | Mar 20, 2017 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid… | ||
| CVE-2017-6803 | Hig | 0.61 | 8.8 | 0.04 | Mar 20, 2017 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the… | ||
| CVE-2017-6318 | Hig | 0.49 | 7.5 | 0.03 | Mar 20, 2017 | saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | ||
| CVE-2017-6178 | Hig | 0.54 | 7.8 | 0.01 | Mar 20, 2017 | The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. | ||
| CVE-2017-6058 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN… | ||
| CVE-2017-5618 | Hig | 0.51 | 7.8 | 0.01 | Mar 20, 2017 | GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | ||
| CVE-2017-1151 | Hig | 0.53 | 8.1 | 0.02 | Mar 20, 2017 | IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. | ||
| CVE-2017-1145 | Hig | 0.56 | 8.6 | 0.02 | Mar 20, 2017 | IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. | ||
| CVE-2017-1134 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2017 | IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. | ||
| CVE-2016-9165 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication… | ||
| CVE-2016-5857 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2017 | The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. | ||
| CVE-2015-8983 | Hig | 0.53 | 8.1 | 0.04 | Mar 20, 2017 | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a… | ||
| CVE-2014-9851 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | ||
| CVE-2014-9850 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | ||
| CVE-2014-9849 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | ||
| CVE-2014-9848 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | ||
| CVE-2014-9842 | Hig | 0.49 | 7.5 | 0.04 | Mar 20, 2017 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | ||
| CVE-2012-5361 | Hig | 0.51 | 7.8 | 0.03 | Mar 20, 2017 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. | ||
| CVE-2017-7187 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2017 | The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to… | ||
| CVE-2017-7186 | Hig | 0.49 | 7.5 | 0.05 | Mar 20, 2017 | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. | ||
| CVE-2014-9938 | Hig | 0.50 | 8.8 | 0.02 | Mar 20, 2017 | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | ||
| CVE-2017-7184 | Hig | 0.51 | 7.8 | 0.02 | Mar 19, 2017 | The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by… | ||
| CVE-2017-7178 | Hig | 0.61 | 8.8 | 0.04 | Mar 18, 2017 | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | ||
| CVE-2017-7177 | Hig | 0.49 | 7.5 | 0.01 | Mar 18, 2017 | Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | ||
| CVE-2015-3884 | Hig | 0.61 | 8.8 | 0.14 | Mar 17, 2017 | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing… | ||
| CVE-2015-3881 | Hig | 0.49 | 7.5 | 0.02 | Mar 17, 2017 | Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml. | ||
| CVE-2014-9854 | Hig | 0.49 | 7.5 | 0.04 | Mar 17, 2017 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | ||
| CVE-2014-8722 | Hig | 0.53 | 7.5 | 0.14 | Mar 17, 2017 | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | ||
| CVE-2014-8701 | Hig | 0.49 | 7.5 | 0.01 | Mar 17, 2017 | Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | ||
| CVE-2017-6967 | Hig | 0.48 | 7.3 | 0.01 | Mar 17, 2017 | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. | ||
| CVE-2017-6962 | Hig | 0.49 | 7.5 | 0.01 | Mar 17, 2017 | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12. | ||
| CVE-2017-6960 | Hig | 0.49 | 7.5 | 0.02 | Mar 17, 2017 | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. | ||
| CVE-2017-0151 | Hig | 0.50 | 7.5 | 0.15 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… | ||
| CVE-2017-0150 | Hig | 0.50 | 7.5 | 0.15 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… | ||
| CVE-2017-0149 | Hig | 0.72 | 8.8 | 0.29 | KEV | Mar 17, 2017 | Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in… | |
| CVE-2017-0148 | Hig | 0.82 | 8.1 | 0.99 | KEV | Mar 17, 2017 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via… | |
| CVE-2017-0147 | Hig | 0.78 | 7.5 | 1.00 | KEV | Mar 17, 2017 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information… | |
| CVE-2017-0146 | Hig | 0.85 | 8.8 | 0.90 | KEV | Mar 17, 2017 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via… | |
| CVE-2017-0145 | Hig | 0.85 | 8.8 | 0.90 | KEV | Mar 17, 2017 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via… | |
| CVE-2017-0144 | Hig | 0.86 | 8.8 | 0.99 | KEV | Mar 17, 2017 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via… | |
| CVE-2017-0143 | Hig | 0.86 | 8.8 | 0.93 | KEV | Mar 17, 2017 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via… | |
| CVE-2017-0141 | Hig | 0.53 | 7.5 | 0.48 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… | ||
| CVE-2017-0138 | Hig | 0.50 | 7.5 | 0.15 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… |
- risk 0.49cvss 7.5epss 0.02
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.
- risk 0.57cvss 8.8epss 0.00
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
- risk 0.46cvss 7.1epss 0.01
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
- risk 0.46cvss 7.1epss 0.01
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
- risk 0.58cvss 8.8epss 0.04
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
- risk 0.57cvss 8.8epss 0.01
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
- risk 0.53cvss 8.1epss 0.01
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
- risk 0.45cvss 7.1epss 0.40
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid…
- risk 0.61cvss 8.8epss 0.04
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the…
- risk 0.49cvss 7.5epss 0.03
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
- risk 0.54cvss 7.8epss 0.01
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
- risk 0.49cvss 7.5epss 0.04
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN…
- risk 0.51cvss 7.8epss 0.01
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
- risk 0.53cvss 8.1epss 0.02
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
- risk 0.56cvss 8.6epss 0.02
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.
- risk 0.51cvss 7.8epss 0.00
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.
- risk 0.49cvss 7.5epss 0.04
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication…
- risk 0.51cvss 7.8epss 0.00
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.
- risk 0.53cvss 8.1epss 0.04
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a…
- risk 0.49cvss 7.5epss 0.04
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
- risk 0.49cvss 7.5epss 0.04
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
- risk 0.49cvss 7.5epss 0.04
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
- risk 0.49cvss 7.5epss 0.04
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
- risk 0.49cvss 7.5epss 0.04
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
- risk 0.51cvss 7.8epss 0.03
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.
- risk 0.51cvss 7.8epss 0.00
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to…
- risk 0.49cvss 7.5epss 0.05
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
- risk 0.50cvss 8.8epss 0.02
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
- risk 0.51cvss 7.8epss 0.02
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by…
- risk 0.61cvss 8.8epss 0.04
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
- risk 0.49cvss 7.5epss 0.01
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
- risk 0.61cvss 8.8epss 0.14
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing…
- risk 0.49cvss 7.5epss 0.02
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
- risk 0.49cvss 7.5epss 0.04
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
- risk 0.53cvss 7.5epss 0.14
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
- risk 0.49cvss 7.5epss 0.01
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.
- risk 0.48cvss 7.3epss 0.01
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.
- risk 0.50cvss 7.5epss 0.15
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…
- risk 0.50cvss 7.5epss 0.15
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…
- risk 0.72cvss 8.8epss 0.29
Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in…
- risk 0.82cvss 8.1epss 0.99
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…
- risk 0.78cvss 7.5epss 1.00
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information…
- risk 0.85cvss 8.8epss 0.90
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…
- risk 0.85cvss 8.8epss 0.90
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…
- risk 0.86cvss 8.8epss 0.99
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…
- risk 0.86cvss 8.8epss 0.93
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…
- risk 0.53cvss 7.5epss 0.48
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…
- risk 0.50cvss 7.5epss 0.15
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…