CVEs from 2017
Total
11,683
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9186 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | |||
| CVE-2017-9185 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7. | |||
| CVE-2017-9184 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7. | |||
| CVE-2017-9183 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. | |||
| CVE-2017-9173 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29. | |||
| CVE-2017-9172 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29. | |||
| CVE-2017-9171 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24. | |||
| CVE-2017-9170 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25. | |||
| CVE-2017-9169 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25. | |||
| CVE-2017-9168 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25. | |||
| CVE-2017-9167 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25. | |||
| CVE-2017-9166 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11. | |||
| CVE-2017-9165 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. | |||
| CVE-2017-9164 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-9163 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54. | |||
| CVE-2017-9162 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2. | |||
| CVE-2017-9161 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23. | |||
| CVE-2017-9160 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12. | |||
| CVE-2017-9153 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13. | |||
| CVE-2017-9152 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. | |||
| CVE-2017-9151 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12. | |||
| CVE-2017-6821 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2017-6813 | critical | 9.8 | 9.8 | 9y ago | A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. | |||
| CVE-2017-2527 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a … | |||
| CVE-2017-2524 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2523 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2522 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2520 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2519 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2518 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2513 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-9119 | critical | 9.8 | 9.8 | 9y ago | The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact b… | |||
| CVE-2017-7504 | critical | 9.8 | 9.8 | 9y ago | HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo… | |||
| CVE-2017-9080 | high | 8.8 | 9.8 | 9y ago | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||
| CVE-2017-6048 | high | 8.8 | 9.8 | 9y ago | A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an… | |||
| CVE-2017-6027 | critical | 9.8 | 9.8 | 9y ago | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizati… | |||
| CVE-2017-6025 | critical | 9.8 | 9.8 | 9y ago | A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizatio… | |||
| CVE-2017-5174 | critical | 9.8 | 9.8 | 9y ago | An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectu… | |||
| CVE-2017-5173 | critical | 9.8 | 9.8 | 9y ago | An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnera… | |||
| CVE-2017-6622 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privil… | |||
| CVE-2017-7503 | critical | 9.8 | 9.8 | 9y ago | It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil… | |||
| CVE-2017-9058 | critical | 9.8 | 9.8 | 9y ago | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | |||
| CVE-2017-9055 | critical | 9.8 | 9.8 | 9y ago | An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | |||
| CVE-2017-9054 | critical | 9.8 | 9.8 | 9y ago | An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to… | |||
| CVE-2017-9052 | critical | 9.8 | 9.8 | 9y ago | An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few pl… | |||
| CVE-2017-9051 | critical | 9.8 | 9.8 | 9y ago | libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. | |||
| CVE-2017-6195 | critical | 9.8 | 9.8 | 9y ago | Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | |||
| CVE-2017-9031 | critical | 9.8 | 9.8 | 9y ago | The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | |||
| CVE-2017-5215 | critical | 9.8 | 9.8 | 9y ago | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution. | |||
| CVE-2017-9026 | critical | 9.8 | 9.8 | 9y ago | Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted f… | |||
| CVE-2017-6079 | critical | 9.8 | 9.8 | 9y ago | The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use th… | |||
| CVE-2017-6886 | critical | 9.8 | 9.8 | 9y ago | An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | |||
| CVE-2017-6885 | critical | 9.8 | 9.8 | 9y ago | An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 t… | |||
| CVE-2017-6890 | critical | 9.8 | 9.8 | 9y ago | A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer … | |||
| CVE-2017-6889 | critical | 9.8 | 9.8 | 9y ago | An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | |||
| CVE-2017-0252 | critical | 9.8 | 9.8 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0223 | critical | 9.8 | 9.8 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-8923 | critical | 9.8 | 9.8 | 9y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2017-7474 | critical | 9.8 | 9.8 | 9y ago | keycloak-connect and keycloak-js improperly handle invalid tokens | |||
| CVE-2017-8911 | critical | 9.8 | 9.8 | 9y ago | An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. | |||
| CVE-2017-8898 | critical | 9.8 | 9.8 | 9y ago | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack use… | |||
| CVE-2017-8798 | critical | 9.8 | 9.8 | 9y ago | Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||
| CVE-2017-5461 | critical | 9.8 | 9.8 | 9y ago | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of… | |||
| CVE-2017-7888 | critical | 9.8 | 9.8 | 9y ago | Dolibarr ERP and CRM Insecure Encryption | |||
| CVE-2017-7886 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter | |||
| CVE-2017-8859 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | |||
| CVE-2017-8858 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | |||
| CVE-2017-8857 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||
| CVE-2017-8856 | critical | 9.8 | 9.8 | 9y ago | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||
| CVE-2017-4982 | critical | 9.8 | 9.8 | 9y ago | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise t… | |||
| CVE-2017-7925 | critical | 9.8 | 9.8 | 9y ago | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX,… | |||
| CVE-2017-7909 | critical | 9.8 | 9.8 | 9y ago | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and red… | |||
| CVE-2017-8799 | critical | 9.8 | 9.8 | 9y ago | Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To … | |||
| CVE-2017-8796 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | |||
| CVE-2017-8790 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. | |||
| CVE-2017-8789 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | |||
| CVE-2017-8303 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | |||
| CVE-2017-8786 | critical | 9.8 | 9.8 | 9y ago | pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. | |||
| CVE-2017-8768 | critical | 9.8 | 9.8 | 9y ago | Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree… | |||
| CVE-2017-8775 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | |||
| CVE-2017-8774 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | |||
| CVE-2017-8773 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validatio… | |||
| CVE-2017-7432 | critical | 9.8 | 9.8 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | |||
| CVE-2017-7476 | critical | 9.8 | 9.8 | 9y ago | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | |||
| CVE-2017-6551 | critical | 9.8 | 9.8 | 9y ago | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | |||
| CVE-2017-8399 | critical | 9.8 | 9.8 | 9y ago | PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." | |||
| CVE-2017-8378 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspe… | |||
| CVE-2017-8366 | critical | 9.8 | 9.8 | 9y ago | The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other imp… | |||
| CVE-2017-8359 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | |||
| CVE-2017-8358 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | |||
| CVE-2017-7945 | critical | 9.8 | 9.8 | 9y ago | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempt… | |||
| CVE-2017-2142 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-7895 | critical | 9.8 | 9.8 | 9y ago | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possi… | |||
| CVE-2017-8305 | critical | 9.8 | 9.8 | 9y ago | The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy. | |||
| CVE-2017-8307 | critical | 9.8 | 9.8 | 9y ago | In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulner… | |||
| CVE-2017-8297 | critical | 9.8 | 9.8 | 9y ago | A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | |||
| CVE-2017-8289 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attac… | |||
| CVE-2017-8287 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | |||
| CVE-2017-8283 | critical | 9.8 | 9.8 | 9y ago | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct dire… | |||
| CVE-2017-8225 | critical | 9.8 | 9.8 | 9y ago | On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and… |