CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14608 | critical | 9.1 | 9.1 | 9y ago | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to … | |||
| CVE-2017-12883 | critical | 9.1 | 9.1 | 9y ago | Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of se… | |||
| CVE-2017-0898 | critical | 9.1 | 9.1 | 9y ago | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting … | |||
| CVE-2017-12249 | critical | 9.1 | 9.1 | 9y ago | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to… | |||
| CVE-2017-14230 | critical | 9.1 | 9.1 | 9y ago | In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow re… | |||
| CVE-2017-14122 | critical | 9.1 | 9.1 | 9y ago | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | |||
| CVE-2017-10833 | critical | 9.1 | 9.1 | 9y ago | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | |||
| CVE-2017-1383 | critical | 9.1 | 9.1 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp… | |||
| CVE-2017-11694 | critical | 9.1 | 9.1 | 9y ago | MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate direct… | |||
| CVE-2017-11693 | critical | 9.1 | 9.1 | 9y ago | MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate … | |||
| CVE-2017-2277 | critical | 9.1 | 9.1 | 9y ago | WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. | |||
| CVE-2017-9788 | critical | 9.1 | 9.1 | 9y ago | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi… | |||
| CVE-2017-11147 | critical | 9.1 | 9.1 | 9y ago | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due … | |||
| CVE-2017-6711 | critical | 9.1 | 9.1 | 9y ago | A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulne… | |||
| CVE-2017-10917 | critical | 9.1 | 9.1 | 9y ago | Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly o… | |||
| CVE-2017-2782 | critical | 9.1 | 9.1 | 9y ago | An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, l… | |||
| CVE-2017-9097 | critical | 9.1 | 9.1 | 9y ago | In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, a… | |||
| CVE-2017-7337 | critical | 9.1 | 9.1 | 9y ago | An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen ses… | |||
| CVE-2017-9053 | critical | 9.1 | 9.1 | 9y ago | An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in … | |||
| CVE-2017-8872 | critical | 9.1 | 9.1 | 9y ago | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | |||
| CVE-2017-8827 | critical | 9.1 | 9.1 | 9y ago | GeniXCMS Arbitrary User Password Reset Vulnerability | |||
| CVE-2017-7229 | critical | 9.1 | 9.1 | 9y ago | PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-… | |||
| CVE-2017-6520 | critical | 9.1 | 9.1 | 9y ago | The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a de… | |||
| CVE-2017-6519 | critical | 9.1 | 9.1 | 9y ago | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (tra… | |||
| CVE-2017-3508 | critical | 9.1 | 9.1 | 9y ago | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2,… | |||
| CVE-2017-5648 | critical | 9.1 | 9.1 | 9y ago | Exposure of Resource to Wrong Sphere in Apache Tomcat | |||
| CVE-2017-7357 | critical | 9.1 | 9.1 | 9y ago | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | |||
| CVE-2017-2989 | critical | 9.1 | 9.1 | 9y ago | Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||
| CVE-2017-7226 | critical | 9.1 | 9.1 | 9y ago | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses… | |||
| CVE-2017-6969 | critical | 9.1 | 9.1 | 9y ago | readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak a… | |||
| CVE-2017-2968 | critical | 9.1 | 9.1 | 9y ago | Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | |||
| CVE-2017-5152 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICA… | |||
| CVE-2017-5142 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the pa… | |||
| CVE-2017-5539 | critical | 9.1 | 9.1 | 10y ago | The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit t… | |||
| CVE-2017-5545 | critical | 9.1 | 9.1 | 10y ago | The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via App… | |||
| CVE-2017-5209 | critical | 9.1 | 9.1 | 10y ago | The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) vi… | |||
| CVE-2017-14591 | critical | 9.0 | 9.0 | 9y ago | Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary cod… | |||
| CVE-2017-10102 | critical | 9.0 | 9.0 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Diff… | |||
| CVE-2017-4919 | critical | 9.0 | 9.0 | 9y ago | VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | |||
| CVE-2017-5691 | critical | 9.0 | 9.0 | 9y ago | Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows… | |||
| CVE-2017-10915 | critical | 9.0 | 9.0 | 9y ago | The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. | |||
| CVE-2017-2292 | critical | 9.0 | 9.0 | 9y ago | Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.sa… | |||
| CVE-2017-5206 | critical | 9.0 | 9.0 | 9y ago | Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. | |||
| CVE-2017-0021 | critical | 9.0 | 9.0 | 9y ago | Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Str… | |||
| CVE-2017-2787 | critical | 9.0 | 9.0 | 9y ago | A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buf… | |||
| CVE-2017-2684 | critical | 9.0 | 9.0 | 9y ago | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level au… | |||
| CVE-2017-3310 | critical | 9.0 | 9.0 | 10y ago | Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having C… | |||
| CVE-2017-7918 | medium | 6.8 | 7.8 | 9y ago | An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u… | |||
| CVE-2017-11823 | medium | 6.7 | 7.7 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso… | |||
| CVE-2017-6516 | medium | 6.7 | 7.7 | 9y ago | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-… | |||
| CVE-2017-7154 | medium | 6.6 | 7.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows lo… | |||
| CVE-2017-11885 | medium | 6.6 | 7.6 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |||
| CVE-2017-7938 | medium | 6.6 | 7.6 | 9y ago | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |||
| CVE-2017-16787 | medium | 6.5 | 7.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | |||
| CVE-2017-16353 | medium | 6.5 | 7.5 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p… | |||
| CVE-2017-15639 | medium | 6.5 | 7.5 | 9y ago | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | |||
| CVE-2017-15359 | medium | 6.5 | 7.5 | 9y ago | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInf… | |||
| CVE-2017-15084 | medium | 6.5 | 7.5 | 9y ago | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | |||
| CVE-2017-14841 | medium | 6.5 | 7.5 | 9y ago | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||
| CVE-2017-0785 | medium | 6.5 | 7.5 | 9y ago | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||
| CVE-2017-1130 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… | |||
| CVE-2017-1129 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… | |||
| CVE-2017-12954 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | |||
| CVE-2017-12953 | medium | 6.5 | 7.5 | 9y ago | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | |||
| CVE-2017-12952 | medium | 6.5 | 7.5 | 9y ago | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-12951 | medium | 6.5 | 7.5 | 9y ago | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft… | |||
| CVE-2017-12950 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-11664 | medium | 6.5 | 7.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-11663 | medium | 6.5 | 7.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-8652 | medium | 6.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi… | |||
| CVE-2017-11356 | medium | 6.5 | 7.5 | 9y ago | The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by lever… | |||
| CVE-2017-11552 | medium | 6.5 | 7.5 | 9y ago | mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode… | |||
| CVE-2017-10803 | medium | 6.5 | 7.5 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr… | |||
| CVE-2017-9936 | medium | 6.5 | 7.5 | 9y ago | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | |||
| CVE-2017-1000373 | medium | 6.5 | 7.5 | 9y ago | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allo… | |||
| CVE-2017-9128 | medium | 6.5 | 7.5 | 9y ago | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 … | |||
| CVE-2017-9127 | medium | 6.5 | 7.5 | 9y ago | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted … | |||
| CVE-2017-9126 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |||
| CVE-2017-9125 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |||
| CVE-2017-9124 | medium | 6.5 | 7.5 | 9y ago | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||
| CVE-2017-9123 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |||
| CVE-2017-9122 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||
| CVE-2017-8871 | medium | 6.5 | 7.5 | 9y ago | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | |||
| CVE-2017-9147 | medium | 6.5 | 7.5 | 9y ago | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||
| CVE-2017-4916 | medium | 6.5 | 7.5 | 9y ago | VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privilege… | |||
| CVE-2017-7620 | medium | 6.5 | 7.5 | 9y ago | MantisBT vulnerable to CSRF and Open Redirect attacks | |||
| CVE-2017-3548 | medium | 6.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "expl… | |||
| CVE-2017-3546 | medium | 6.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "… | |||
| CVE-2017-6339 | medium | 6.5 | 7.5 | 9y ago | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A… | |||
| CVE-2017-6338 | medium | 6.5 | 7.5 | 9y ago | Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit… | |||
| CVE-2017-2480 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2479 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2442 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attacke… | |||
| CVE-2017-2367 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-0063 | medium | 6.5 | 7.5 | 9y ago | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT… | |||
| CVE-2017-2371 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. | |||
| CVE-2017-2365 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2364 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the… | |||
| CVE-2017-2363 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-1000367 | medium | 6.4 | 7.4 | 9y ago | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. |