Skip to main content
CVE-2017-14706 CRITICAL POC THREAT Emergency

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.4%.

Microsoft Authentication Bypass PHP I Suite Web Application Firewall
NVD GitHub
CVSS 3.0
9.8
EPSS
72.4%
Threat
5.6
CVE-2017-14078 CRITICAL PATCH Act Now

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 66.3%.

Trend Micro RCE SQLi Mobile Security
NVD
CVSS 3.0
9.8
EPSS
66.3%
Threat
4.0
CVE-2017-14637 CRITICAL POC Act Now

In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14080 CRITICAL PATCH Act Now

Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-9393 CRITICAL Act Now

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager Identity Manager Virtual Appliance
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14636 CRITICAL Act Now

Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy