Skip to main content
CVE-2017-11381 CRITICAL PATCH Act Now

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5%.

Trend Micro Command Injection Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
18.5%
CVE-2017-12065 CRITICAL PATCH Act Now

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Cacti
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-11380 CRITICAL PATCH Act Now

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Trend Micro Authentication Bypass Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-4923 CRITICAL PATCH Act Now

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-11129 CRITICAL Act Now

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Heinekingmedia
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy