Skip to main content
CVE-2017-1000116 CRITICAL PATCH Act Now

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mercurial Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2017-15041 CRITICAL PATCH Act Now

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Debian Linux Developer Tools Enterprise Linux Eus +3
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2017-13995 CRITICAL Act Now

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ininet Webserver
NVD
CVSS 3.0
10.0
EPSS
1.6%
CVE-2017-15032 CRITICAL PATCH Act Now

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8937 CRITICAL PATCH Act Now

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14000 CRITICAL Act Now

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skyrouter Z4200 Firmware Skyrouter Z4400 Firmware
NVD
CVSS 3.0
9.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy