Skip to main content
CVE-2017-14746 CRITICAL Emergency

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.3% and no vendor patch available.

Memory Corruption Use After Free RCE Samba Ubuntu Linux +4
NVD
CVSS 3.1
9.8
EPSS
31.3%
CVE-2017-1000214 CRITICAL Act Now

GitPHP by xiphux is vulnerable to OS Command Injections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gitphp
NVD GitHub
CVSS 3.0
9.8
EPSS
7.2%
CVE-2017-8045 CRITICAL PATCH Act Now

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java RCE Spring Advanced Message Queuing Protocol
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-14586 CRITICAL Act Now

The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hipchat
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2017-1001002 CRITICAL PATCH Act Now

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Math Js
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-1001003 CRITICAL PATCH Act Now

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mathjs
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy