guidovranken

2 exploits Active since May 2017
CVE-2017-3730 NOMISEC HIGH WORKING POC
OpenSSL 1.1.0 - Denial of Service via NULL Pointer Dereference in DHE/ECDHE Key Exchange
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
CVSS 7.5
CVE-2017-8779 METASPLOIT HIGH ruby WORKING POC
rpcbind < 0.2.4 - Denial of Service via Crafted UDP Packet
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
CVSS 7.5