2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0321 — Nvidia Gpu_driver: All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0321

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 476VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0311 — Nvidia Gpu_driver: GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0311

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 732VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0309 — Nvidia Gpu_driver: All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0309

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 190VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 23:59Z
HIGH

CVE-2017-0308 — Nvidia Gpu_driver: All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-0308

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDNvidiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 21:59Z
HIGH

CVE-2016-8677 — Imagemagick Imagemagick: The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8677

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. CVSSv3.1 8.8 (HIGH)

VNDImagemagickVNDAcquirequantumpixelsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 20:59Z
HIGH

CVE-2017-3801 — Cisco Unified_computing_system_director: A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile CVSSv3.1 8.8 (HIGH)

CWECWE 863CWECWE 264VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 19:59Z
HIGH

CVE-2017-5992 — Python Openpyxl: 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5992

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. CVSSv3.1 8.2 (HIGH)

CWECWE 611VNDOpenpyxlTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-15
2017-02-15 19:59Z
CRIT

CVE-2016-9706 — Ibm Integration_bus: Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9706

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. CVSSv3.1 9.1 (CRITICAL)

CWECWE 611VNDIbmTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-15
2017-02-15 19:59Z
HIGH

CVE-2016-8866 — Imagemagick Imagemagick: The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8866

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDImagemagickVNDAcquiremagickmemoryTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 19:59Z
HIGH

CVE-2016-8862 — Imagemagick Imagemagick: The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8862

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDImagemagickVNDAcquiremagickmemoryTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 19:59Z
HIGH

CVE-2016-6033 — Ibm Tivoli_storage_manager_for_virtual_environments_data_protection_: Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6033

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 19:59Z
CRIT

CVE-2016-3694 — Modified Ecommerce_shopsoftware: Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3694

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDModifiedTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-15
2017-02-15 19:59Z
CRIT

CVE-2016-0360 — Ibm Websphere_mq_jms: Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-0360

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDIbmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-15
2017-02-15 15:59Z
CRIT

CVE-2013-7459 — Dlitz Pycrypto: Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2013-7459

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDFedoraprojectVNDDlitzTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2996 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2996

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2995 — Adobe Flash_player: Successful exploitation could lead to arbitrary code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2995

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 843VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2994 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2994

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2993 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2993

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2992 — Adobe Flash_player: Successful exploitation could lead to arbitrary code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2992

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2991 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2991

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2990 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2990

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2988 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2988

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2987 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2987

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 190VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2986 — Adobe Flash_player: Successful exploitation could lead to arbitrary code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2986

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2985 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2985

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score