CVEs from 2017

- Total: 11,713
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6616 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnera… | |||
| CVE-2017-5156 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will… | |||
| CVE-2017-7692 | high | 8.8 | 8.8 | 9y ago | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit … | |||
| CVE-2017-7283 | high | 8.8 | 8.8 | 9y ago | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the… | |||
| CVE-2017-7881 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an… | |||
| CVE-2017-7877 | high | 8.8 | 8.8 | 9y ago | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | |||
| CVE-2017-7717 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified… | |||
| CVE-2017-1205 | high | 8.8 | 8.8 | 9y ago | IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | |||
| CVE-2017-7219 | high | 8.8 | 8.8 | 9y ago | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run … | |||
| CVE-2017-7284 | high | 8.8 | 8.8 | 9y ago | An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the c… | |||
| CVE-2017-7281 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows fo… | |||
| CVE-2017-3006 | high | 8.8 | 8.8 | 9y ago | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||
| CVE-2017-7694 | high | 8.8 | 8.8 | 9y ago | Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. … | |||
| CVE-2017-7647 | high | 8.8 | 8.8 | 9y ago | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | |||
| CVE-2017-7622 | high | 8.8 | 8.8 | 9y ago | dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Any… | |||
| CVE-2017-7617 | high | 8.8 | 8.8 | 9y ago | Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, re… | |||
| CVE-2017-7570 | high | 8.8 | 8.8 | 9y ago | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to ch… | |||
| CVE-2017-4964 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | |||
| CVE-2017-7565 | high | 8.8 | 8.8 | 9y ago | Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | |||
| CVE-2017-6968 | high | 8.8 | 8.8 | 9y ago | GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | |||
| CVE-2017-7447 | high | 8.8 | 8.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | |||
| CVE-2017-7446 | high | 8.8 | 8.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | |||
| CVE-2017-6956 | high | 8.8 | 8.8 | 9y ago | On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point … | |||
| CVE-2017-7413 | high | 8.8 | 8.8 | 9y ago | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled… | |||
| CVE-2017-7398 | high | 8.8 | 8.8 | 9y ago | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i… | |||
| CVE-2017-2485 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2481 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2476 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2471 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-… | |||
| CVE-2017-2470 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2469 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2468 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2466 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2465 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2464 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2463 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2460 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2459 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2457 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr… | |||
| CVE-2017-2455 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2454 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2446 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2444 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "C… | |||
| CVE-2017-2433 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr… | |||
| CVE-2017-2415 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "W… | |||
| CVE-2017-2405 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to … | |||
| CVE-2017-2403 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbi… | |||
| CVE-2017-2396 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2395 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2394 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2381 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging mem… | |||
| CVE-2017-2378 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attack… | |||
| CVE-2017-7393 | high | 8.8 | 8.8 | 9y ago | In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | |||
| CVE-2017-7253 | high | 8.8 | 8.8 | 9y ago | Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with ad… | |||
| CVE-2017-7310 | high | 7.8 | 8.8 | 9y ago | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se… | |||
| CVE-2017-7308 | high | 7.8 | 8.8 | 9y ago | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in… | |||
| CVE-2017-5671 | high | 8.8 | 8.8 | 9y ago | Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic… | |||
| CVE-2017-2689 | high | 8.8 | 8.8 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration… | |||
| CVE-2017-2688 | high | 8.8 | 8.8 | 9y ago | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the target… | |||
| CVE-2017-7297 | high | 8.8 | 8.8 | 9y ago | Rancher Access Control Vulnerability in github.com/rancher/rancher | |||
| CVE-2017-1153 | high | 8.8 | 8.8 | 9y ago | IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. | |||
| CVE-2017-6460 | high | 8.8 | 8.8 | 9y ago | Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction l… | |||
| CVE-2017-6458 | high | 8.8 | 8.8 | 9y ago | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | |||
| CVE-2017-5931 | high | 8.8 | 8.8 | 9y ago | Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code … | |||
| CVE-2017-6069 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | |||
| CVE-2017-6068 | high | 8.8 | 8.8 | 9y ago | Subrion CMS vulnerable to CSRF in admin/blocks/add | |||
| CVE-2017-6066 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | |||
| CVE-2017-6002 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. | |||
| CVE-2017-6087 | high | 8.8 | 8.8 | 9y ago | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3… | |||
| CVE-2017-5869 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in … | |||
| CVE-2017-5199 | high | 8.8 | 8.8 | 9y ago | The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||
| CVE-2017-5198 | high | 8.8 | 8.8 | 9y ago | SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | |||
| CVE-2017-3858 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is d… | |||
| CVE-2017-6971 | high | 8.8 | 8.8 | 9y ago | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving t… | |||
| CVE-2017-5874 | high | 8.8 | 8.8 | 9y ago | CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||
| CVE-2017-6803 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication… | |||
| CVE-2017-7178 | high | 8.8 | 8.8 | 9y ago | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus… | |||
| CVE-2017-0090 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0089 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0088 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote… | |||
| CVE-2017-0087 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0086 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0084 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0083 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0072 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-3854 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to… | |||
| CVE-2017-3819 | high | 8.8 | 8.8 | 9y ago | A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Pack… | |||
| CVE-2017-6366 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that pe… | |||
| CVE-2017-6896 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session… | |||
| CVE-2017-3003 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. … | |||
| CVE-2017-3002 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation cou… | |||
| CVE-2017-3001 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbit… | |||
| CVE-2017-2999 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitatio… | |||
| CVE-2017-2998 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitati… | |||
| CVE-2017-2997 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitati… | |||
| CVE-2017-6180 | high | 8.8 | 8.8 | 9y ago | Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). | |||
| CVE-2017-6081 | high | 8.8 | 8.8 | 9y ago | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for u… | |||
| CVE-2017-5675 | high | 8.8 | 8.8 | 9y ago | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the ma… | |||
| CVE-2017-6823 | high | 8.8 | 8.8 | 9y ago | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | |||
| CVE-2017-6529 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. |