Skip to main content
CVE-2017-10989 CRITICAL PATCH CISA Act Now

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8%.

Buffer Overflow Information Disclosure Sqlite
NVD
CVSS 3.0
9.8
EPSS
12.8%
Threat
4.3
CVE-2017-10968 CRITICAL POC Act Now

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Finecms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-9629 CRITICAL Act Now

A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

Buffer Overflow RCE Schneider Electric Stack Overflow Wonderware Archestra Logger
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2017-7405 CRITICAL PATCH Act Now

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass Dir 615
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2017-10965 CRITICAL PATCH Act Now

An issue was discovered in Irssi before 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Irssi
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-10966 CRITICAL PATCH Act Now

An issue was discovered in Irssi before 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Irssi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-2234 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-2225 CRITICAL Act Now

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ebidsettingchecker
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7512 CRITICAL Act Now

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat 3Scale Api Management Platform
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-2237 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-2236 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-2235 CRITICAL Act Now

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hem Gw16A Firmware Hem Gw26A Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000082 CRITICAL PATCH Act Now

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2017-7406 CRITICAL PATCH Act Now

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dir 615
NVD
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy