Skip to main content
CVE-2017-6622 CRITICAL POC THREAT Emergency

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

Cisco Command Injection Privilege Escalation Prime Collaboration Provisioning
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.0%
Threat
4.4
CVE-2017-9052 CRITICAL Act Now

An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libdwarf
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2017-7503 CRITICAL Act Now

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Red Hat Jboss Enterprise Application Platform
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-9055 CRITICAL Act Now

An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libdwarf
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-9054 CRITICAL Act Now

An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libdwarf
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-9058 CRITICAL PATCH Act Now

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9051 CRITICAL PATCH Act Now

libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libav
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-6195 CRITICAL PATCH Act Now

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moveit Dmz Moveit Transfer 2017
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2017-9053 CRITICAL Act Now

An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libdwarf
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy