Skip to main content
CVE-2017-1000002 CRITICAL POC THREAT Emergency

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.2%.

Path Traversal Information Disclosure RCE Atutor
NVD
CVSS 3.0
9.8
EPSS
60.2%
Threat
5.3
CVE-2017-11346 CRITICAL POC PATCH THREAT Act Now

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

RCE Zoho Manageengine Desktop Central
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.0%
Threat
4.2
CVE-2017-9811 CRITICAL POC THREAT Emergency

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.7%
Threat
4.2
CVE-2017-1000037 CRITICAL POC THREAT Emergency

RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

RCE Command Injection Rvm
NVD GitHub
CVSS 3.0
9.8
EPSS
20.6%
Threat
4.1
CVE-2017-10979 CRITICAL PATCH Act Now

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.2%.

Buffer Overflow Memory Corruption Denial Of Service RCE Freeradius
NVD
CVSS 3.0
9.8
EPSS
30.2%
CVE-2017-1000060 CRITICAL POC Act Now

EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eyesofnetwork
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2017-1000073 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-10984 CRITICAL PATCH Act Now

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5%.

Buffer Overflow Memory Corruption Denial Of Service RCE Freeradius
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2017-1000075 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-1000074 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-1000072 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-11349 CRITICAL POC Act Now

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dt8X Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-0028 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.6%.

Buffer Overflow RCE Microsoft Edge
NVD GitHub
CVSS 3.0
9.8
EPSS
19.6%
CVE-2017-8011 CRITICAL Act Now

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.6% and no vendor patch available.

Authentication Bypass Emc M R Emc Storage Monitoring And Reporting Emc Vipr Srm Emc Vnx Monitoring And Reporting
NVD
CVSS 3.1
9.8
EPSS
15.6%
CVE-2017-1000009 CRITICAL PATCH Act Now

Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.5%.

Command Injection Product Information Management
NVD GitHub
CVSS 3.1
9.8
EPSS
10.5%
CVE-2017-1000081 CRITICAL Act Now

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Onos
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2017-1000030 CRITICAL Act Now

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Oracle Glassfish Server
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-2343 CRITICAL Act Now

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
10.0
EPSS
3.1%
CVE-2017-2349 CRITICAL Act Now

A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Command Injection Junos
NVD
CVSS 3.0
9.9
EPSS
3.5%
CVE-2017-1000039 CRITICAL Act Now

Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Framadate
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2017-2345 CRITICAL Act Now

On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-11362 CRITICAL Act Now

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PHP
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-1000004 CRITICAL Act Now

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Information Disclosure Atutor
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-1000044 CRITICAL PATCH Act Now

gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Gtk Vnc
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-7664 CRITICAL PATCH Act Now

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Openmeetings
NVD
CVSS 3.0
10.0
EPSS
0.6%
CVE-2017-1000047 CRITICAL Act Now

rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Rbenv
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2017-1000362 CRITICAL PATCH Act Now

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-1000020 CRITICAL Act Now

SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedded Web Servers
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-10601 CRITICAL Act Now

A specific device configuration can result in a commit failure condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-7673 CRITICAL PATCH Act Now

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11329 CRITICAL Act Now

GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000003 CRITICAL Act Now

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Atutor
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000056 CRITICAL PATCH Act Now

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Kubernetes Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11354 CRITICAL PATCH Act Now

Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6793 CRITICAL Act Now

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Apache RCE Java +1
NVD
CVSS 3.0
9.1
EPSS
3.6%
CVE-2017-2336 CRITICAL Act Now

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Screenos
NVD
CVSS 3.0
9.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy