Skip to main content
CVE-2017-12149 CRITICAL POC KEV EUVD KEV THREAT Emergency

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Red Hat Deserialization RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2017-14491 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service RCE Dnsmasq +20
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.8%
Threat
5.2
CVE-2017-12821 CRITICAL Act Now

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sentinel Ldk Rte Firmware
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-0807 CRITICAL Act Now

An elevation of privilege vulnerability in the Android framework (ui framework). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-12166 CRITICAL PATCH Act Now

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption RCE Openvpn Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-12822 CRITICAL Act Now

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sentinel Ldk Rte Firmware
NVD
CVSS 3.0
9.9
EPSS
0.3%
CVE-2017-12819 CRITICAL Act Now

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sentinel Ldk Rte Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-0829 CRITICAL Act Now

An elevation of privilege vulnerability in the Motorola bootloader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-0828 CRITICAL Act Now

An elevation of privilege vulnerability in the Huawei bootloader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Huawei Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-0824 CRITICAL Act Now

An elevation of privilege vulnerability in the Broadcom wifi driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Broadcom Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-0822 CRITICAL PATCH Act Now

An elevation of privilege vulnerability in the Android system (camera). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy