CVEs from 2017
- Total: 11,713
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7494 | high | — | 10.0 | 3y ago | Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and the… | |||
| CVE-2017-8291 | high | — | 10.0 | 4y ago | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an in… | |||
| CVE-2017-16651 | high | — | 10.0 | 5y ago | Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the … | |||
| CVE-2017-17968 | critical | 9.8 | 10.0 | 9y ago | A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP respons… | |||
| CVE-2017-17932 | critical | 9.8 | 10.0 | 9y ago | A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on th… | |||
| CVE-2017-17411 | critical | 9.8 | 10.0 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exis… | |||
| CVE-2017-17105 | critical | 9.8 | 10.0 | 9y ago | Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the w… | |||
| CVE-2017-17560 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is… | |||
| CVE-2017-12635 | critical | 9.8 | 10.0 | 9y ago | multiple issues in couchdb | |||
| CVE-2017-15222 | critical | 9.8 | 10.0 | 9y ago | Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. | |||
| CVE-2017-14980 | critical | 9.8 | 10.0 | 9y ago | Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. | |||
| CVE-2017-14706 | critical | 9.8 | 10.0 | 9y ago | DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken … | |||
| CVE-2017-14143 | critical | 9.8 | 10.0 | 9y ago | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and cons… | |||
| CVE-2017-13067 | critical | 9.8 | 10.0 | 9y ago | QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerabili… | |||
| CVE-2017-13708 | critical | 9.8 | 10.0 | 9y ago | Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. | |||
| CVE-2017-12478 | critical | 9.8 | 10.0 | 9y ago | It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw … | |||
| CVE-2017-12477 | critical | 9.8 | 10.0 | 9y ago | It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacke… | |||
| CVE-2017-11394 | critical | 9.8 | 10.0 | 9y ago | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par… | |||
| CVE-2017-9769 | critical | 9.8 | 10.0 | 9y ago | A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. | |||
| CVE-2017-11517 | critical | 9.8 | 10.0 | 9y ago | Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||
| CVE-2017-11467 | critical | 9.8 | 10.0 | 9y ago | OrientDB vulnerable to Improper Privilege Management leading to arbitrary command injection | |||
| CVE-2017-1000002 | critical | 9.8 | 10.0 | 9y ago | ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vu… | |||
| CVE-2017-6326 | critical | 10.0 | 10.0 | 9y ago | The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machi… | |||
| CVE-2017-9544 | critical | 9.8 | 10.0 | 9y ago | There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering… | |||
| CVE-2017-8835 | critical | 9.8 | 10.0 | 9y ago | SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth coo… | |||
| CVE-2017-9232 | critical | 9.8 | 10.0 | 9y ago | Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju | |||
| CVE-2017-1092 | critical | 9.8 | 10.0 | 9y ago | IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. | |||
| CVE-2017-9101 | critical | 9.8 | 10.0 | 9y ago | import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | |||
| CVE-2017-8917 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-8895 | critical | 9.8 | 10.0 | 9y ago | In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser… | |||
| CVE-2017-6553 | critical | 9.8 | 10.0 | 9y ago | Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory … | |||
| CVE-2017-7722 | critical | 10.0 | 10.0 | 9y ago | In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiti… | |||
| CVE-2017-7581 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand f… | |||
| CVE-2017-7230 | critical | 9.8 | 10.0 | 9y ago | A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. | |||
| CVE-2017-6465 | critical | 9.8 | 10.0 | 9y ago | Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leadin… | |||
| CVE-2017-6526 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi PO… | |||
| CVE-2017-6416 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a … | |||
| CVE-2017-6187 | critical | 9.8 | 10.0 | 9y ago | Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||
| CVE-2017-5162 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. | |||
| CVE-2017-3248 | critical | 9.8 | 10.0 | 10y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. … | |||
| CVE-2017-5261 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to … | |||
| CVE-2017-5260 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco… | |||
| CVE-2017-5259 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sysc… | |||
| CVE-2017-5255 | high | 8.8 | 9.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-… | |||
| CVE-2017-5254 | high | 8.8 | 9.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di… | |||
| CVE-2017-15889 | high | 8.8 | 9.8 | 9y ago | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | |||
| CVE-2017-16524 | high | 8.8 | 9.8 | 9y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar… | |||
| CVE-2017-7411 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha… | |||
| CVE-2017-1000117 | high | 8.8 | 9.8 | 9y ago | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc… | |||
| CVE-2017-6090 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2017-11610 | high | 8.8 | 9.8 | 9y ago | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC req… | |||
| CVE-2017-11392 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-11391 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-7442 | high | 8.8 | 9.8 | 9y ago | Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |||
| CVE-2017-9757 | high | 8.8 | 9.8 | 9y ago | IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. | |||
| CVE-2017-9462 | high | 8.8 | 9.8 | 9y ago | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||
| CVE-2017-9417 | critical | 9.8 | 9.8 | 9y ago | Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | |||
| CVE-2017-9080 | high | 8.8 | 9.8 | 9y ago | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||
| CVE-2017-6048 | high | 8.8 | 9.8 | 9y ago | A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an… | |||
| CVE-2017-7615 | high | 8.8 | 9.8 | 9y ago | MantisBT allows arbitrary password reset | |||
| CVE-2017-6398 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … | |||
| CVE-2017-3823 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug… | |||
| CVE-2017-13872 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain a… | |||
| CVE-2017-5262 | high | 8.0 | 9.0 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | |||
| CVE-2017-16995 | high | 7.8 | 8.8 | 9y ago | The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by lev… | |||
| CVE-2017-13861 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows a… | |||
| CVE-2017-13156 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | |||
| CVE-2017-14627 | high | 7.8 | 8.8 | 9y ago | Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) a… | |||
| CVE-2017-0781 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | |||
| CVE-2017-1000083 | high | 7.8 | 8.8 | 9y ago | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a fi… | |||
| CVE-2017-8870 | high | 7.8 | 8.8 | 9y ago | Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. | |||
| CVE-2017-8869 | high | 7.8 | 8.8 | 9y ago | Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. | |||
| CVE-2017-3629 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri… | |||
| CVE-2017-8461 | high | 7.8 | 8.8 | 9y ago | Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a … | |||
| CVE-2017-4915 | high | 7.8 | 8.8 | 9y ago | VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to … | |||
| CVE-2017-3622 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulner… | |||
| CVE-2017-7310 | high | 7.8 | 8.8 | 9y ago | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se… | |||
| CVE-2017-7308 | high | 7.8 | 8.8 | 9y ago | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in… | |||
| CVE-2017-7922 | high | 7.6 | 8.6 | 9y ago | An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to se… | |||
| CVE-2017-17692 | high | 7.5 | 8.5 | 9y ago | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the … | |||
| CVE-2017-16894 | high | 7.5 | 8.5 | 9y ago | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav… | |||
| CVE-2017-16806 | high | 7.5 | 8.5 | 9y ago | The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||
| CVE-2017-16249 | high | 7.5 | 8.5 | 9y ago | The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with … | |||
| CVE-2017-7924 | high | 7.5 | 8.5 | 9y ago | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s… | |||
| CVE-2017-9798 | high | 7.5 | 8.5 | 9y ago | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb… | |||
| CVE-2017-1000028 | high | 7.5 | 8.5 | 9y ago | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP G… | |||
| CVE-2017-8779 | high | 7.5 | 8.5 | 9y ago | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows… | |||
| CVE-2017-1001000 | high | 7.5 | 8.5 | 9y ago | The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows … | |||
| CVE-2017-6510 | high | 7.5 | 8.5 | 9y ago | Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. | |||
| CVE-2017-6527 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the… | |||
| CVE-2017-5982 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by … | |||
| CVE-2017-5146 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. | |||
| CVE-2017-6168 | high | 7.4 | 8.4 | 9y ago | On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may b… | |||
| CVE-2017-1000364 | high | 7.4 | 8.4 | 9y ago | An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this af… | |||
| CVE-2017-12636 | high | 7.2 | 8.2 | 9y ago | multiple issues in couchdb | |||
| CVE-2017-1000119 | high | 7.2 | 8.2 | 9y ago | October CMS PHP Code Execution | |||
| CVE-2017-1000112 | high | 7.0 | 8.0 | 9y ago | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two… | |||
| CVE-2017-7918 | medium | 6.8 | 7.8 | 9y ago | An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u… | |||
| CVE-2017-0412 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-0411 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… |