Skip to main content
CVE-2017-9232 CRITICAL POC PATCH THREAT Act Now

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Authentication Bypass Privilege Escalation Juju
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2015-9059 CRITICAL PATCH Act Now

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.7%.

Command Injection Picocom
NVD GitHub
CVSS 3.0
9.8
EPSS
16.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy