CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8773 | critical | 9.8 | 9.8 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validatio… | |||
| CVE-2017-7432 | critical | 9.8 | 9.8 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | |||
| CVE-2017-7476 | critical | 9.8 | 9.8 | 9y ago | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | |||
| CVE-2017-6551 | critical | 9.8 | 9.8 | 9y ago | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | |||
| CVE-2017-8399 | critical | 9.8 | 9.8 | 9y ago | PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." | |||
| CVE-2017-8378 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspe… | |||
| CVE-2017-8366 | critical | 9.8 | 9.8 | 9y ago | The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other imp… | |||
| CVE-2017-8359 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | |||
| CVE-2017-8358 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | |||
| CVE-2017-7945 | critical | 9.8 | 9.8 | 9y ago | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempt… | |||
| CVE-2017-2142 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-7895 | critical | 9.8 | 9.8 | 9y ago | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possi… | |||
| CVE-2017-8305 | critical | 9.8 | 9.8 | 9y ago | The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy. | |||
| CVE-2017-8307 | critical | 9.8 | 9.8 | 9y ago | In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulner… | |||
| CVE-2017-8297 | critical | 9.8 | 9.8 | 9y ago | A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | |||
| CVE-2017-8289 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attac… | |||
| CVE-2017-8287 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | |||
| CVE-2017-8283 | critical | 9.8 | 9.8 | 9y ago | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct dire… | |||
| CVE-2017-8218 | critical | 9.8 | 9.8 | 9y ago | vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,… | |||
| CVE-2017-3234 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-8105 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | |||
| CVE-2017-8076 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8075 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8074 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmw… | |||
| CVE-2017-7991 | critical | 9.8 | 9.8 | 9y ago | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |||
| CVE-2017-5158 | critical | 9.8 | 9.8 | 9y ago | An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parame… | |||
| CVE-2017-5645 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Log4j | |||
| CVE-2017-5651 | critical | 9.8 | 9.8 | 9y ago | Expected Behavior Violation in Apache Tomcat | |||
| CVE-2017-7882 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | |||
| CVE-2017-7878 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||
| CVE-2017-7875 | critical | 9.8 | 9.8 | 9y ago | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer o… | |||
| CVE-2017-7870 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | |||
| CVE-2017-7866 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | |||
| CVE-2017-7865 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align… | |||
| CVE-2017-7864 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | |||
| CVE-2017-7863 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | |||
| CVE-2017-7862 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||
| CVE-2017-7861 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | |||
| CVE-2017-7860 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. | |||
| CVE-2017-7859 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | |||
| CVE-2017-7858 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | |||
| CVE-2017-7857 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfob… | |||
| CVE-2017-7856 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | |||
| CVE-2017-7628 | critical | 9.8 | 9.8 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||
| CVE-2017-7280 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code… | |||
| CVE-2017-7279 | critical | 9.8 | 9.8 | 9y ago | An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||
| CVE-2017-7719 | critical | 9.8 | 9.8 | 9y ago | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_function… | |||
| CVE-2017-3063 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-3062 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbi… | |||
| CVE-2017-3060 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3059 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3037 | critical | 9.8 | 9.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploita… | |||
| CVE-2017-7695 | critical | 9.8 | 9.8 | 9y ago | Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||
| CVE-2017-7691 | critical | 9.8 | 9.8 | 9y ago | A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||
| CVE-2017-7689 | critical | 9.8 | 9.8 | 9y ago | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | |||
| CVE-2017-7625 | critical | 9.8 | 9.8 | 9y ago | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | |||
| CVE-2017-7239 | critical | 9.8 | 9.8 | 9y ago | Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | |||
| CVE-2017-5983 | critical | 9.8 | 9.8 | 9y ago | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, … | |||
| CVE-2017-7614 | critical | 9.8 | 9.8 | 9y ago | elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote a… | |||
| CVE-2017-7577 | critical | 9.8 | 9.8 | 9y ago | XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | |||
| CVE-2017-7576 | critical | 9.8 | 9.8 | 9y ago | DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credent… | |||
| CVE-2017-7575 | critical | 9.8 | 9.8 | 9y ago | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus p… | |||
| CVE-2017-7574 | critical | 9.8 | 9.8 | 9y ago | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized… | |||
| CVE-2017-3834 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete contr… | |||
| CVE-2017-0305 | critical | 9.8 | 9.8 | 9y ago | F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, an… | |||
| CVE-2017-7450 | critical | 9.8 | 9.8 | 9y ago | AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot,… | |||
| CVE-2017-7540 | critical | 9.8 | 9.8 | 9y ago | Safemode Gem Has Incomplete List of Disallowed Inputs | |||
| CVE-2017-7410 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, … | |||
| CVE-2017-5642 | critical | 9.8 | 9.8 | 9y ago | During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | |||
| CVE-2017-5949 | critical | 9.8 | 9.8 | 9y ago | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possib… | |||
| CVE-2017-2477 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corrup… | |||
| CVE-2017-2434 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presenc… | |||
| CVE-2017-2428 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nght… | |||
| CVE-2017-2423 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass int… | |||
| CVE-2017-2402 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multi… | |||
| CVE-2017-3010 | critical | 9.8 | 9.8 | 9y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitat… | |||
| CVE-2017-7324 | critical | 9.8 | 9.8 | 9y ago | setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | |||
| CVE-2017-7321 | critical | 9.8 | 9.8 | 9y ago | setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | |||
| CVE-2017-7318 | critical | 9.8 | 9.8 | 9y ago | Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as… | |||
| CVE-2017-7191 | critical | 9.8 | 9.8 | 9y ago | The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2017-6013 | critical | 9.8 | 9.8 | 9y ago | Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | |||
| CVE-2017-5511 | critical | 9.8 | 9.8 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | |||
| CVE-2017-5337 | critical | 9.8 | 9.8 | 9y ago | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||
| CVE-2017-5336 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted Op… | |||
| CVE-2017-5334 | critical | 9.8 | 9.8 | 9y ago | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language in… | |||
| CVE-2017-6950 | critical | 9.8 | 9.8 | 9y ago | SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | |||
| CVE-2017-6895 | critical | 9.8 | 9.8 | 9y ago | USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | |||
| CVE-2017-6517 | critical | 9.8 | 9.8 | 9y ago | Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dl… | |||
| CVE-2017-5897 | critical | 9.8 | 9.8 | 9y ago | The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds … | |||
| CVE-2017-5538 | critical | 9.8 | 9.8 | 9y ago | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified i… | |||
| CVE-2017-3853 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow rem… | |||
| CVE-2017-7214 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level lo… | |||
| CVE-2017-7174 | critical | 9.8 | 9.8 | 9y ago | The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. | |||
| CVE-2017-6023 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE ver… | |||
| CVE-2017-3831 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full a… | |||
| CVE-2017-5522 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary… | |||
| CVE-2017-5668 | critical | 9.8 | 9.8 | 9y ago | bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact … | |||
| CVE-2017-6080 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerabilit… | |||
| CVE-2017-5929 | critical | 9.8 | 9.8 | 9y ago | QOS.ch Logback vulnerable to Deserialization of Untrusted Data | |||
| CVE-2017-5674 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - … |