CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13875 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-13870 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |||
| CVE-2017-13867 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-13866 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |||
| CVE-2017-13861 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows a… | |||
| CVE-2017-13856 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |||
| CVE-2017-13847 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary co… | |||
| CVE-2017-15313 | high | 8.8 | 8.8 | 9y ago | Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device. | |||
| CVE-2017-15311 | high | 8.8 | 8.8 | 9y ago | The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00… | |||
| CVE-2017-15308 | high | 8.8 | 8.8 | 9y ago | Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load maliciou… | |||
| CVE-2017-17410 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t… | |||
| CVE-2017-17409 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t… | |||
| CVE-2017-17408 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t… | |||
| CVE-2017-17831 | high | 8.8 | 8.8 | 9y ago | GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within … | |||
| CVE-2017-17827 | high | 8.8 | 8.8 | 9y ago | Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin use… | |||
| CVE-2017-16731 | high | 8.8 | 8.8 | 9y ago | An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentic… | |||
| CVE-2017-1757 | high | 8.8 | 8.8 | 9y ago | IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in … | |||
| CVE-2017-1746 | high | 8.8 | 8.8 | 9y ago | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … | |||
| CVE-2017-1696 | high | 8.8 | 8.8 | 9y ago | IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to… | |||
| CVE-2017-1631 | high | 8.8 | 8.8 | 9y ago | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … | |||
| CVE-2017-17476 | high | 8.8 | 8.8 | 9y ago | Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequent… | |||
| CVE-2017-4941 | high | 8.8 | 8.8 | 9y ago | VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC … | |||
| CVE-2017-4933 | high | 8.8 | 8.8 | 9y ago | VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap ov… | |||
| CVE-2017-16587 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16586 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16585 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16583 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16582 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16581 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16578 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16577 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16576 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16575 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16572 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-16571 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14837 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14836 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target m… | |||
| CVE-2017-14835 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14834 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14833 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14832 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14831 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14830 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14829 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14828 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14827 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14826 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14825 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14824 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-14823 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-10959 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-10958 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-10957 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-17782 | high | 8.8 | 8.8 | 9y ago | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | |||
| CVE-2017-17774 | high | 8.8 | 8.8 | 9y ago | admin/configuration.php in Piwigo 2.9.2 has CSRF. | |||
| CVE-2017-17758 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to … | |||
| CVE-2017-17757 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related t… | |||
| CVE-2017-11562 | high | 8.8 | 8.8 | 9y ago | A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | |||
| CVE-2017-15700 | high | 8.8 | 8.8 | 9y ago | Apache Sling Authentication Service vulnerability | |||
| CVE-2017-15103 | high | 8.8 | 8.8 | 9y ago | Heketi Arbitrary Code Execution in github.com/heketi/heketi | |||
| CVE-2017-17727 | high | 8.8 | 8.8 | 9y ago | DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | |||
| CVE-2017-17715 | high | 8.8 | 8.8 | 9y ago | The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a re… | |||
| CVE-2017-3193 | high | 8.8 | 8.8 | 9y ago | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | |||
| CVE-2017-14092 | high | 8.8 | 8.8 | 9y ago | The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-c… | |||
| CVE-2017-14184 | high | 8.8 | 8.8 | 9y ago | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334… | |||
| CVE-2017-17695 | high | 8.8 | 8.8 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | |||
| CVE-2017-17670 | high | 8.8 | 8.8 | 9y ago | In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be … | |||
| CVE-2017-17535 | high | 8.8 | 8.8 | 9y ago | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-inje… | |||
| CVE-2017-17534 | high | 8.8 | 8.8 | 9y ago | uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection at… | |||
| CVE-2017-17533 | high | 8.8 | 8.8 | 9y ago | default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attac… | |||
| CVE-2017-17532 | high | 8.8 | 8.8 | 9y ago | examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct arg… | |||
| CVE-2017-17531 | high | 8.8 | 8.8 | 9y ago | gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection at… | |||
| CVE-2017-17530 | high | 8.8 | 8.8 | 9y ago | common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection … | |||
| CVE-2017-17529 | high | 8.8 | 8.8 | 9y ago | af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argume… | |||
| CVE-2017-17528 | high | 8.8 | 8.8 | 9y ago | backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to cond… | |||
| CVE-2017-17527 | high | 8.8 | 8.8 | 9y ago | delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct ar… | |||
| CVE-2017-17526 | high | 8.8 | 8.8 | 9y ago | Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-… | |||
| CVE-2017-17525 | high | 8.8 | 8.8 | 9y ago | guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct a… | |||
| CVE-2017-17524 | high | 8.8 | 8.8 | 9y ago | library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument… | |||
| CVE-2017-17522 | high | 8.8 | 8.8 | 9y ago | Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-… | |||
| CVE-2017-17521 | high | 8.8 | 8.8 | 9y ago | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-inj… | |||
| CVE-2017-17520 | high | 8.8 | 8.8 | 9y ago | tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injectio… | |||
| CVE-2017-17519 | high | 8.8 | 8.8 | 9y ago | batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remot… | |||
| CVE-2017-17518 | high | 8.8 | 8.8 | 9y ago | swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to c… | |||
| CVE-2017-17517 | high | 8.8 | 8.8 | 9y ago | libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-i… | |||
| CVE-2017-17515 | high | 8.8 | 8.8 | 9y ago | etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection … | |||
| CVE-2017-17514 | high | 8.8 | 8.8 | 9y ago | boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks vi… | |||
| CVE-2017-17513 | high | 8.8 | 8.8 | 9y ago | TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attack… | |||
| CVE-2017-17511 | high | 8.8 | 8.8 | 9y ago | KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a c… | |||
| CVE-2017-5663 | high | 8.8 | 8.8 | 9y ago | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT que… | |||
| CVE-2017-17665 | high | 8.8 | 8.8 | 9y ago | In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a … | |||
| CVE-2017-5534 | high | 8.8 | 8.8 | 9y ago | The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Communi… | |||
| CVE-2017-11936 | high | 8.8 | 8.8 | 9y ago | Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | |||
| CVE-2017-5717 | high | 7.8 | 8.8 | 9y ago | Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. | |||
| CVE-2017-16689 | high | 8.8 | 8.8 | 9y ago | A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established t… | |||
| CVE-2017-1606 | high | 8.8 | 8.8 | 9y ago | IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allo… | |||
| CVE-2017-17551 | high | 8.8 | 8.8 | 9y ago | The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Br… | |||
| CVE-2017-17536 | high | 8.8 | 8.8 | 9y ago | Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a bra… | |||
| CVE-2017-17523 | high | 8.8 | 8.8 | 9y ago | lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-inje… | |||
| CVE-2017-17512 | high | 8.8 | 8.8 | 9y ago | sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argumen… |