Skip to main content
CVE-2017-9800 CRITICAL Emergency

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1% and no vendor patch available.

Information Disclosure Subversion
NVD
CVSS 3.0
9.8
EPSS
59.1%
CVE-2017-8658 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.0%.

Buffer Overflow RCE Chakracore
NVD
CVSS 3.0
9.8
EPSS
36.0%
CVE-2017-3108 CRITICAL PATCH Act Now

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2%.

Adobe File Upload Experience Manager
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2017-3124 CRITICAL PATCH Act Now

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Microsoft Adobe Acrobat +3
NVD
CVSS 3.0
9.8
EPSS
9.1%
CVE-2017-11274 CRITICAL PATCH Act Now

Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2015-3616 CRITICAL Act Now

SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Fortinet Fortimanager Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy