Skip to main content
CVE-2017-16844 CRITICAL Act Now

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.2% and no vendor patch available.

Buffer Overflow RCE Denial Of Service Procmail
NVD
CVSS 3.0
9.8
EPSS
20.2%
CVE-2017-12337 CRITICAL Act Now

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

Cisco Authentication Bypass Emergency Responder Finesse Hosted Collaboration Solution +8
NVD
CVSS 3.0
9.8
EPSS
13.2%
CVE-2017-16851 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16850 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16849 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16847 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16846 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2017-16848 CRITICAL Act Now

Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2017-0909 CRITICAL PATCH Act Now

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Private Address Check
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-0847 CRITICAL PATCH Act Now

An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-8807 CRITICAL PATCH Act Now

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Varnish Varnish Cache Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2017-5738 CRITICAL PATCH Act Now

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Intel Privilege Escalation Information Disclosure Unite
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-0854 CRITICAL PATCH Act Now

An information disclosure vulnerability in the Android media framework (n/a). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
9.1
EPSS
0.1%
CVE-2017-0853 CRITICAL PATCH Act Now

An information disclosure vulnerability in the Android media framework (n/a). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy