CVEs from 2017
- Total: 11,960
- critical: 1,647
- high: 5,043
- medium: 4,165
- low: 159
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 0.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-6186 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-pro… | |
| CVE-2017-5567 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker… | |
| CVE-2017-5566 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protectio… | |
| CVE-2017-5565 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a s… | |
| CVE-2017-6516 | medium | 6.7 | 6.7 | 9y ago | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-… | |
| CVE-2017-3312 | medium | 6.7 | 6.7 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |
| CVE-2017-7154 | medium | 6.6 | 6.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows lo… | |
| CVE-2017-11885 | medium | 6.6 | 6.6 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |
| CVE-2017-17558 | medium | 6.6 | 6.6 | 9y ago | The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces … | |
| CVE-2017-16650 | medium | 6.6 | 6.6 | 9y ago | The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have u… | |
| CVE-2017-16649 | medium | 6.6 | 6.6 | 9y ago | The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or poss… | |
| CVE-2017-16648 | medium | 6.6 | 6.6 | 9y ago | The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possib… | |
| CVE-2017-16647 | medium | 6.6 | 6.6 | 9y ago | drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impac… | |
| CVE-2017-16646 | medium | 6.6 | 6.6 | 9y ago | drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a … | |
| CVE-2017-16645 | medium | 6.6 | 6.6 | 9y ago | The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read … | |
| CVE-2017-16644 | medium | 6.6 | 6.6 | 9y ago | The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or poss… | |
| CVE-2017-16643 | medium | 6.6 | 6.6 | 9y ago | The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or pos… | |
| CVE-2017-12084 | medium | 6.6 | 6.6 | 9y ago | A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulti… | |
| CVE-2017-16538 | medium | 6.6 | 6.6 | 9y ago | drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified oth… | |
| CVE-2017-16537 | medium | 6.6 | 6.6 | 9y ago | The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have uns… | |
| CVE-2017-16536 | medium | 6.6 | 6.6 | 9y ago | The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system cr… | |
| CVE-2017-16535 | medium | 6.6 | 6.6 | 9y ago | The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly h… | |
| CVE-2017-16533 | medium | 6.6 | 6.6 | 9y ago | The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have uns… | |
| CVE-2017-16532 | medium | 6.6 | 6.6 | 9y ago | The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly ha… | |
| CVE-2017-16531 | medium | 6.6 | 6.6 | 9y ago | drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a craft… | |
| CVE-2017-16530 | medium | 6.6 | 6.6 | 9y ago | The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB devi… | |
| CVE-2017-16529 | medium | 6.6 | 6.6 | 9y ago | The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspec… | |
| CVE-2017-16528 | medium | 6.6 | 6.6 | 9y ago | sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other… | |
| CVE-2017-16527 | medium | 6.6 | 6.6 | 9y ago | sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact… | |
| CVE-2017-16525 | medium | 6.6 | 6.6 | 9y ago | The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possi… | |
| CVE-2017-9647 | medium | 6.6 | 6.6 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles… | |
| CVE-2017-8034 | medium | 6.6 | 6.6 | 9y ago | The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issue… | |
| CVE-2017-8032 | medium | 6.6 | 6.6 | 9y ago | Cloud Foundry UAA Identity Zone Admin Privilege Escalation | |
| CVE-2017-6325 | medium | 6.6 | 6.6 | 9y ago | The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time.… | |
| CVE-2017-7907 | medium | 6.6 | 6.6 | 9y ago | An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XM… | |
| CVE-2017-3600 | medium | 6.6 | 6.6 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. D… | |
| CVE-2017-3551 | medium | 6.6 | 6.6 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily "exploitable" vulnerability all… | |
| CVE-2017-7938 | medium | 6.6 | 6.6 | 9y ago | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |
| CVE-2017-7273 | medium | 6.6 | 6.6 | 9y ago | The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possib… | |
| CVE-2017-6911 | medium | 6.6 | 6.6 | 9y ago | USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify … | |
| CVE-2017-5623 | medium | 6.6 | 6.6 | 9y ago | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' i… | |
| CVE-2017-5634 | medium | 6.6 | 6.6 | 9y ago | The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative priv… | |
| CVE-2017-20199 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in… | |
| CVE-2017-14136 | medium | 6.5 | 6.5 | 5y ago | OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability e… | |
| CVE-2017-17910 | medium | 6.5 | 6.5 | 9y ago | On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur tran… | |
| CVE-2017-17760 | medium | 6.5 | 6.5 | 9y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV | |
| CVE-2017-15886 | medium | 6.5 | 6.5 | 9y ago | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | |
| CVE-2017-10910 | medium | 6.5 | 6.5 | 9y ago | MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. | |
| CVE-2017-9608 | medium | 6.5 | 6.5 | 9y ago | The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | |
| CVE-2017-7158 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for readin… | |
| CVE-2017-17934 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. | |
| CVE-2017-17914 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted … | |
| CVE-2017-17887 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image fi… | |
| CVE-2017-17886 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. | |
| CVE-2017-17885 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. | |
| CVE-2017-17884 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. | |
| CVE-2017-17883 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. | |
| CVE-2017-17882 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. | |
| CVE-2017-17881 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. | |
| CVE-2017-17844 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relyin… | |
| CVE-2017-15322 | medium | 6.5 | 6.5 | 9y ago | Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vuln… | |
| CVE-2017-15310 | medium | 6.5 | 6.5 | 9y ago | Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD c… | |
| CVE-2017-16766 | medium | 6.5 | 6.5 | 9y ago | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML vi… | |
| CVE-2017-10872 | medium | 6.5 | 6.5 | 9y ago | H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. | |
| CVE-2017-6134 | medium | 6.5 | 6.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced f… | |
| CVE-2017-14387 | medium | 6.5 | 6.5 | 9y ago | The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be l… | |
| CVE-2017-17747 | medium | 6.5 | 6.5 | 9y ago | Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | |
| CVE-2017-16818 | medium | 6.5 | 6.5 | 9y ago | RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privil… | |
| CVE-2017-16589 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16588 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16584 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16580 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16579 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16574 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16573 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-14822 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-14821 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-14820 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-14819 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-14818 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target… | |
| CVE-2017-10956 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |
| CVE-2017-16786 | medium | 6.5 | 6.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterl… | |
| CVE-2017-14583 | medium | 6.5 | 6.5 | 9y ago | NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | |
| CVE-2017-17741 | medium | 6.5 | 6.5 | 9y ago | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to … | |
| CVE-2017-16787 | medium | 6.5 | 6.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | |
| CVE-2017-17682 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted… | |
| CVE-2017-17681 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a cra… | |
| CVE-2017-17680 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | |
| CVE-2017-11305 | medium | 6.5 | 6.5 | 9y ago | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | |
| CVE-2017-11939 | medium | 6.5 | 6.5 | 9y ago | Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu… | |
| CVE-2017-11927 | medium | 6.5 | 6.5 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |
| CVE-2017-16691 | medium | 6.5 | 6.5 | 9y ago | SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verific… | |
| CVE-2017-16683 | medium | 6.5 | 6.5 | 9y ago | Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | |
| CVE-2017-17555 | medium | 6.5 | 6.5 | 9y ago | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of servi… | |
| CVE-2017-1550 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. | |
| CVE-2017-17508 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |
| CVE-2017-17507 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |
| CVE-2017-17506 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |
| CVE-2017-17505 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |
| CVE-2017-17504 | medium | 6.5 | 6.5 | 9y ago | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | |