Skip to main content
CVE-2017-15088 CRITICAL PATCH Act Now

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow RCE Stack Overflow Red Hat +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2017-16931 CRITICAL PATCH Act Now

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libxml2
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-13701 CRITICAL Act Now

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eds G512E Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy