CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000112 | high | 7.0 | 8.0 | 9y ago | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two… | |||
| CVE-2017-1000086 | high | 8.0 | 8.0 | 9y ago | Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings | |||
| CVE-2017-14925 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global … | |||
| CVE-2017-14924 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain adminis… | |||
| CVE-2017-14320 | high | 8.0 | 8.0 | 9y ago | Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | |||
| CVE-2017-14530 | high | 8.0 | 8.0 | 9y ago | WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | |||
| CVE-2017-9644 | high | 7.0 | 8.0 | 9y ago | An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu … | |||
| CVE-2017-10661 | high | 7.0 | 8.0 | 9y ago | Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descript… | |||
| CVE-2017-7533 | high | 7.0 | 8.0 | 9y ago | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that … | |||
| CVE-2017-2283 | high | 8.0 | 8.0 | 9y ago | WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |||
| CVE-2017-7054 | high | 8.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-7051 | high | 8.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-7050 | high | 8.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-2183 | high | 8.0 | 8.0 | 9y ago | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | |||
| CVE-2017-6662 | high | 8.0 | 8.0 | 9y ago | A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access … | |||
| CVE-2017-5657 | high | 8.0 | 8.0 | 9y ago | Apache Archiva vulnerable to Cross Site Request Forgery | |||
| CVE-2017-6979 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2533 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in… | |||
| CVE-2017-2501 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-9138 | high | 8.0 | 8.0 | 9y ago | There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass inten… | |||
| CVE-2017-4014 | high | 8.0 | 8.0 | 9y ago | Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP requ… | |||
| CVE-2017-0214 | high | 7.0 | 8.0 | 9y ago | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 201… | |||
| CVE-2017-0569 | high | 7.0 | 8.0 | 9y ago | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-2478 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2456 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-5899 | high | 7.0 | 8.0 | 9y ago | Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a … | |||
| CVE-2017-0103 | high | 7.0 | 8.0 | 9y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi… | |||
| CVE-2017-3565 | high | 7.9 | 7.9 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privile… | |||
| CVE-2017-3559 | high | 7.9 | 7.9 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3290 | high | 7.9 | 7.9 | 10y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Ea… | |||
| CVE-2017-11698 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted … | |||
| CVE-2017-11697 | high | 7.8 | 7.8 | 9y ago | The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted ce… | |||
| CVE-2017-11696 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted c… | |||
| CVE-2017-11695 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted ce… | |||
| CVE-2017-7163 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-7162 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-7159 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privile… | |||
| CVE-2017-7155 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-17866 | high | 7.8 | 7.8 | 9y ago | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (b… | |||
| CVE-2017-17863 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer… | |||
| CVE-2017-17857 | high | 7.8 | 7.8 | 9y ago | The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other im… | |||
| CVE-2017-17856 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-… | |||
| CVE-2017-17855 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of po… | |||
| CVE-2017-17854 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveragi… | |||
| CVE-2017-17853 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH … | |||
| CVE-2017-17852 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-… | |||
| CVE-2017-17840 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to la… | |||
| CVE-2017-17010 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified dire… | |||
| CVE-2017-16996 | high | 7.8 | 7.8 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncatio… | |||
| CVE-2017-13883 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-13879 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged c… | |||
| CVE-2017-13862 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-13858 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context vi… | |||
| CVE-2017-13848 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context vi… | |||
| CVE-2017-15316 | high | 7.8 | 7.8 | 9y ago | The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vu… | |||
| CVE-2017-10909 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-17809 | high | 7.8 | 7.8 | 9y ago | In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the argum… | |||
| CVE-2017-17806 | high | 7.8 | 7.8 | 9y ago | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_A… | |||
| CVE-2017-17805 | high | 7.8 | 7.8 | 9y ago | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYP… | |||
| CVE-2017-14969 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114. | |||
| CVE-2017-14968 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. | |||
| CVE-2017-14967 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080. | |||
| CVE-2017-14966 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0. | |||
| CVE-2017-14965 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. | |||
| CVE-2017-14964 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. | |||
| CVE-2017-14963 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058. | |||
| CVE-2017-14962 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-171… | |||
| CVE-2017-4943 | high | 7.8 | 7.8 | 9y ago | VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low p… | |||
| CVE-2017-17804 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values fro… | |||
| CVE-2017-17803 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17802 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17801 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17800 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17799 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17798 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17797 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values fro… | |||
| CVE-2017-17796 | high | 7.8 | 7.8 | 9y ago | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input… | |||
| CVE-2017-17795 | high | 7.8 | 7.8 | 9y ago | In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values fro… | |||
| CVE-2017-17789 | high | 7.8 | 7.8 | 9y ago | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | |||
| CVE-2017-17787 | high | 7.8 | 7.8 | 9y ago | In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | |||
| CVE-2017-17786 | high | 7.8 | 7.8 | 9y ago | In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | |||
| CVE-2017-17785 | high | 7.8 | 7.8 | 9y ago | In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | |||
| CVE-2017-17784 | high | 7.8 | 7.8 | 9y ago | In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | |||
| CVE-2017-15104 | high | 7.8 | 7.8 | 9y ago | Information Exposure in Heketi in github.com/heketi/heketi | |||
| CVE-2017-16997 | high | 7.8 | 7.8 | 9y ago | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to g… | |||
| CVE-2017-3196 | high | 7.8 | 7.8 | 9y ago | PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of networ… | |||
| CVE-2017-11397 | high | 7.8 | 7.8 | 9y ago | A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | |||
| CVE-2017-17566 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | |||
| CVE-2017-17564 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference count… | |||
| CVE-2017-17563 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overfl… | |||
| CVE-2017-11935 | high | 7.8 | 7.8 | 9y ago | Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | |||
| CVE-2017-16690 | high | 7.8 | 7.8 | 9y ago | A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs… | |||
| CVE-2017-2886 | high | 7.8 | 7.8 | 9y ago | A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in pot… | |||
| CVE-2017-13070 | high | 7.8 | 7.8 | 9y ago | A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | |||
| CVE-2017-12823 | high | 7.8 | 7.8 | 9y ago | Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | |||
| CVE-2017-10893 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in a… | |||
| CVE-2017-11940 | high | 7.8 | 7.8 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Se… | |||
| CVE-2017-17475 | high | 7.8 | 7.8 | 9y ago | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068. | |||
| CVE-2017-17474 | high | 7.8 | 7.8 | 9y ago | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070. | |||
| CVE-2017-17473 | high | 7.8 | 7.8 | 9y ago | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050. |