Skip to main content
CVE-2017-3623 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

Information Disclosure Oracle Solaris
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
76.9%
Threat
5.8
CVE-2015-7246 CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.1%.

D-Link Authentication Bypass Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
33.1%
Threat
4.5
CVE-2015-7247 CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
30.9%
Threat
4.4
CVE-2017-3549 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

SQLi Authentication Bypass Oracle Scripting
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
31.0%
Threat
4.3
CVE-2015-7568 CRITICAL POC PATCH Act Now

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Yeager Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.9%
CVE-2016-6903 CRITICAL PATCH Act Now

lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Lshell
NVD GitHub
CVSS 3.0
9.9
EPSS
2.1%
CVE-2016-6902 CRITICAL PATCH Act Now

lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Lshell
NVD GitHub
CVSS 3.0
9.9
EPSS
2.1%
CVE-2017-3234 CRITICAL PATCH Act Now

Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Automatic Service Request
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2014-9654 CRITICAL Act Now

The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-8105 CRITICAL PATCH Act Now

FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Freetype Debian Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-3503 CRITICAL PATCH Act Now

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Apache Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
9.9
EPSS
1.1%
CVE-2017-2320 CRITICAL Act Now

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
10.0
EPSS
0.5%
CVE-2017-3553 CRITICAL Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Identity Manager
NVD
CVSS 3.0
9.9
EPSS
0.9%
CVE-2017-3510 CRITICAL PATCH Act Now

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.0
9.6
EPSS
0.5%
CVE-2017-3508 CRITICAL PATCH Act Now

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Primavera Gateway
NVD
CVSS 3.0
9.1
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy