Skip to main content
CVE-2017-9791 CRITICAL POC KEV PATCH THREAT Act Now

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2017-7175 CRITICAL POC THREAT Emergency

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.4%.

Command Injection Nfsen
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
21.4%
Threat
4.1
CVE-2017-11147 CRITICAL POC PATCH Act Now

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
9.1
EPSS
3.7%
CVE-2017-5640 CRITICAL Act Now

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apache Impala
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-11139 CRITICAL PATCH Act Now

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-11125 CRITICAL Act Now

libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xar
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11124 CRITICAL Act Now

libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xar
NVD
CVSS 3.0
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy