Skip to main content
CVE-2017-14492 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.8%.

Buffer Overflow RCE Denial Of Service Ubuntu Linux Debian Linux +4
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
92.8%
Threat
6.2
CVE-2017-14493 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Ubuntu Linux Debian Linux +5
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.3%
CVE-2017-6089 CRITICAL POC Act Now

SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpcollab
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.6%
CVE-2017-12620 CRITICAL POC PATCH Act Now

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Apache Opennlp
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-11497 CRITICAL Act Now

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sentinel Ldk Rte
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2017-11496 CRITICAL Act Now

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sentinel Ldk Rte
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2015-7841 CRITICAL Act Now

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Command Injection Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-13997 CRITICAL Act Now

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Wonderware Indusoft Web Studio Wonderware Intouch
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-8021 CRITICAL Act Now

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Storage
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-14759 CRITICAL Act Now

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE Document Sciences Xpression
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12639 CRITICAL Act Now

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Imail Server
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12638 CRITICAL Act Now

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Imail Server
NVD
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy