CVEs from 2017
- Total: 11,683
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8224 | critical | 9.8 | 9.8 | 9y ago | Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | |||
| CVE-2017-8218 | critical | 9.8 | 9.8 | 9y ago | vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,… | |||
| CVE-2017-3234 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-8105 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | |||
| CVE-2017-8076 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8075 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8074 | critical | 9.8 | 9.8 | 9y ago | On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmw… | |||
| CVE-2017-7991 | critical | 9.8 | 9.8 | 9y ago | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | |||
| CVE-2017-8051 | critical | 9.8 | 9.8 | 9y ago | Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote… | |||
| CVE-2017-5158 | critical | 9.8 | 9.8 | 9y ago | An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parame… | |||
| CVE-2017-5645 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Log4j | |||
| CVE-2017-5651 | critical | 9.8 | 9.8 | 9y ago | Expected Behavior Violation in Apache Tomcat | |||
| CVE-2017-7615 | high | 8.8 | 9.8 | 9y ago | MantisBT allows arbitrary password reset | |||
| CVE-2017-7882 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | |||
| CVE-2017-7878 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||
| CVE-2017-7875 | critical | 9.8 | 9.8 | 9y ago | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer o… | |||
| CVE-2017-7870 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | |||
| CVE-2017-7866 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | |||
| CVE-2017-7865 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align… | |||
| CVE-2017-7864 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | |||
| CVE-2017-7863 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | |||
| CVE-2017-7862 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||
| CVE-2017-7861 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | |||
| CVE-2017-7860 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. | |||
| CVE-2017-7859 | critical | 9.8 | 9.8 | 9y ago | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | |||
| CVE-2017-7858 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | |||
| CVE-2017-7857 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfob… | |||
| CVE-2017-7856 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | |||
| CVE-2017-7628 | critical | 9.8 | 9.8 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | |||
| CVE-2017-7280 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code… | |||
| CVE-2017-7279 | critical | 9.8 | 9.8 | 9y ago | An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||
| CVE-2017-7719 | critical | 9.8 | 9.8 | 9y ago | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_function… | |||
| CVE-2017-3063 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-3062 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbi… | |||
| CVE-2017-3061 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3060 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3059 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3037 | critical | 9.8 | 9.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploita… | |||
| CVE-2017-7588 | critical | 9.8 | 9.8 | 9y ago | On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW… | |||
| CVE-2017-7695 | critical | 9.8 | 9.8 | 9y ago | Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | |||
| CVE-2017-7691 | critical | 9.8 | 9.8 | 9y ago | A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||
| CVE-2017-7689 | critical | 9.8 | 9.8 | 9y ago | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | |||
| CVE-2017-7462 | critical | 9.8 | 9.8 | 9y ago | Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | |||
| CVE-2017-7625 | critical | 9.8 | 9.8 | 9y ago | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | |||
| CVE-2017-7239 | critical | 9.8 | 9.8 | 9y ago | Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | |||
| CVE-2017-5983 | critical | 9.8 | 9.8 | 9y ago | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, … | |||
| CVE-2017-7614 | critical | 9.8 | 9.8 | 9y ago | elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote a… | |||
| CVE-2017-0561 | critical | 9.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due … | |||
| CVE-2017-7577 | critical | 9.8 | 9.8 | 9y ago | XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | |||
| CVE-2017-7576 | critical | 9.8 | 9.8 | 9y ago | DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credent… | |||
| CVE-2017-7575 | critical | 9.8 | 9.8 | 9y ago | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus p… | |||
| CVE-2017-7574 | critical | 9.8 | 9.8 | 9y ago | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized… | |||
| CVE-2017-3834 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete contr… | |||
| CVE-2017-7237 | critical | 9.8 | 9.8 | 9y ago | The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of th… | |||
| CVE-2017-0305 | critical | 9.8 | 9.8 | 9y ago | F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, an… | |||
| CVE-2017-7450 | critical | 9.8 | 9.8 | 9y ago | AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot,… | |||
| CVE-2017-7540 | critical | 9.8 | 9.8 | 9y ago | Safemode Gem Has Incomplete List of Disallowed Inputs | |||
| CVE-2017-7410 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, … | |||
| CVE-2017-7402 | critical | 9.8 | 9.8 | 9y ago | Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, … | |||
| CVE-2017-5642 | critical | 9.8 | 9.8 | 9y ago | During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | |||
| CVE-2017-5949 | critical | 9.8 | 9.8 | 9y ago | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possib… | |||
| CVE-2017-2477 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corrup… | |||
| CVE-2017-2434 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presenc… | |||
| CVE-2017-2428 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nght… | |||
| CVE-2017-2423 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass int… | |||
| CVE-2017-2402 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multi… | |||
| CVE-2017-3010 | critical | 9.8 | 9.8 | 9y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitat… | |||
| CVE-2017-6182 | critical | 9.8 | 9.8 | 9y ago | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | |||
| CVE-2017-7324 | critical | 9.8 | 9.8 | 9y ago | setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | |||
| CVE-2017-7321 | critical | 9.8 | 9.8 | 9y ago | setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | |||
| CVE-2017-7318 | critical | 9.8 | 9.8 | 9y ago | Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as… | |||
| CVE-2017-7191 | critical | 9.8 | 9.8 | 9y ago | The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2017-6542 | critical | 9.8 | 9.8 | 9y ago | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect… | |||
| CVE-2017-6013 | critical | 9.8 | 9.8 | 9y ago | Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | |||
| CVE-2017-2641 | critical | 9.8 | 9.8 | 9y ago | Moodle SQL injection via user preferences | |||
| CVE-2017-5511 | critical | 9.8 | 9.8 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | |||
| CVE-2017-5337 | critical | 9.8 | 9.8 | 9y ago | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||
| CVE-2017-5336 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted Op… | |||
| CVE-2017-5334 | critical | 9.8 | 9.8 | 9y ago | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language in… | |||
| CVE-2017-6950 | critical | 9.8 | 9.8 | 9y ago | SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | |||
| CVE-2017-6895 | critical | 9.8 | 9.8 | 9y ago | USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | |||
| CVE-2017-6517 | critical | 9.8 | 9.8 | 9y ago | Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dl… | |||
| CVE-2017-6361 | critical | 9.8 | 9.8 | 9y ago | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2017-6360 | critical | 9.8 | 9.8 | 9y ago | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | |||
| CVE-2017-6359 | critical | 9.8 | 9.8 | 9y ago | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | |||
| CVE-2017-5897 | critical | 9.8 | 9.8 | 9y ago | The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds … | |||
| CVE-2017-5538 | critical | 9.8 | 9.8 | 9y ago | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified i… | |||
| CVE-2017-6972 | critical | 9.8 | 9.8 | 9y ago | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulne… | |||
| CVE-2017-3853 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow rem… | |||
| CVE-2017-7214 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level lo… | |||
| CVE-2017-6550 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) … | |||
| CVE-2017-7174 | critical | 9.8 | 9.8 | 9y ago | The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. | |||
| CVE-2017-6880 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. | |||
| CVE-2017-6023 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE ver… | |||
| CVE-2017-3831 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full a… | |||
| CVE-2017-5522 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary… | |||
| CVE-2017-5496 | critical | 9.8 | 9.8 | 9y ago | Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. | |||
| CVE-2017-5358 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (… | |||
| CVE-2017-5668 | critical | 9.8 | 9.8 | 9y ago | bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact … | |||
| CVE-2017-6398 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … |