CVEs from 2017
Total
11,665
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7158 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for readin… | |||
| CVE-2017-17934 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. | |||
| CVE-2017-17914 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted … | |||
| CVE-2017-17887 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image fi… | |||
| CVE-2017-17886 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. | |||
| CVE-2017-17885 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. | |||
| CVE-2017-17884 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. | |||
| CVE-2017-17883 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. | |||
| CVE-2017-17882 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. | |||
| CVE-2017-17881 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. | |||
| CVE-2017-17844 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relyin… | |||
| CVE-2017-13869 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-13868 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-13865 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-13855 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the … | |||
| CVE-2017-15322 | medium | 6.5 | 6.5 | 9y ago | Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vuln… | |||
| CVE-2017-15310 | medium | 6.5 | 6.5 | 9y ago | Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD c… | |||
| CVE-2017-16766 | medium | 6.5 | 6.5 | 9y ago | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML vi… | |||
| CVE-2017-10872 | medium | 6.5 | 6.5 | 9y ago | H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. | |||
| CVE-2017-6134 | medium | 6.5 | 6.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced f… | |||
| CVE-2017-14387 | medium | 6.5 | 6.5 | 9y ago | The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be l… | |||
| CVE-2017-17747 | medium | 6.5 | 6.5 | 9y ago | Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | |||
| CVE-2017-16818 | medium | 6.5 | 6.5 | 9y ago | RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privil… | |||
| CVE-2017-16589 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16588 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16584 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16580 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16579 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16574 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16573 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-14822 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-14821 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-14820 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-14819 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-14818 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target… | |||
| CVE-2017-10956 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-16786 | medium | 6.5 | 6.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterl… | |||
| CVE-2017-14583 | medium | 6.5 | 6.5 | 9y ago | NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | |||
| CVE-2017-17741 | medium | 6.5 | 6.5 | 9y ago | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to … | |||
| CVE-2017-17682 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted… | |||
| CVE-2017-17681 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a cra… | |||
| CVE-2017-17680 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | |||
| CVE-2017-11305 | medium | 6.5 | 6.5 | 9y ago | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | |||
| CVE-2017-11939 | medium | 6.5 | 6.5 | 9y ago | Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu… | |||
| CVE-2017-11927 | medium | 6.5 | 6.5 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |||
| CVE-2017-16691 | medium | 6.5 | 6.5 | 9y ago | SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verific… | |||
| CVE-2017-16683 | medium | 6.5 | 6.5 | 9y ago | Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | |||
| CVE-2017-17555 | medium | 6.5 | 6.5 | 9y ago | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of servi… | |||
| CVE-2017-1550 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. | |||
| CVE-2017-17508 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |||
| CVE-2017-17507 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |||
| CVE-2017-17506 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |||
| CVE-2017-17505 | medium | 6.5 | 6.5 | 9y ago | In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |||
| CVE-2017-17504 | medium | 6.5 | 6.5 | 9y ago | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | |||
| CVE-2017-16419 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16369 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16361 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16854 | medium | 6.5 | 6.5 | 9y ago | In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose int… | |||
| CVE-2017-15895 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_p… | |||
| CVE-2017-15894 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbi… | |||
| CVE-2017-15893 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parame… | |||
| CVE-2017-15891 | medium | 6.5 | 6.5 | 9y ago | Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | |||
| CVE-2017-1487 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. | |||
| CVE-2017-1433 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. | |||
| CVE-2017-17381 | medium | 6.5 | 6.5 | 9y ago | The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. | |||
| CVE-2017-17446 | medium | 6.5 | 6.5 | 9y ago | The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a deni… | |||
| CVE-2017-17440 | medium | 6.5 | 6.5 | 9y ago | GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, … | |||
| CVE-2017-13148 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533. | |||
| CVE-2017-0880 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012. | |||
| CVE-2017-0874 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932. | |||
| CVE-2017-0873 | medium | 6.5 | 6.5 | 9y ago | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255. | |||
| CVE-2017-17128 | medium | 6.5 | 6.5 | 9y ago | The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file. | |||
| CVE-2017-17127 | medium | 6.5 | 6.5 | 9y ago | The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||
| CVE-2017-16893 | medium | 6.5 | 6.5 | 9y ago | The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context… | |||
| CVE-2017-14953 | medium | 6.5 | 6.5 | 9y ago | HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi en… | |||
| CVE-2017-17081 | medium | 6.5 | 6.5 | 9y ago | The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedne… | |||
| CVE-2017-12364 | medium | 6.5 | 6.5 | 9y ago | A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The … | |||
| CVE-2017-12362 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vuln… | |||
| CVE-2017-12359 | medium | 6.5 | 6.5 | 9y ago | A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exp… | |||
| CVE-2017-17046 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that… | |||
| CVE-2017-17044 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | |||
| CVE-2017-16952 | medium | 5.5 | 6.5 | 9y ago | KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. | |||
| CVE-2017-16951 | medium | 5.5 | 6.5 | 9y ago | Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. | |||
| CVE-2017-14389 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud C… | |||
| CVE-2017-1628 | medium | 6.5 | 6.5 | 9y ago | IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | |||
| CVE-2017-16994 | medium | 5.5 | 6.5 | 9y ago | The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kern… | |||
| CVE-2017-9316 | medium | 6.5 | 6.5 | 9y ago | Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used f… | |||
| CVE-2017-16961 | medium | 6.5 | 6.5 | 9y ago | A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application… | |||
| CVE-2017-16959 | medium | 6.5 | 6.5 | 9y ago | The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;local… | |||
| CVE-2017-16942 | medium | 6.5 | 6.5 | 9y ago | In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. | |||
| CVE-2017-16936 | medium | 6.5 | 6.5 | 9y ago | Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US… | |||
| CVE-2017-8201 | medium | 6.5 | 6.5 | 9y ago | MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affe… | |||
| CVE-2017-8200 | medium | 6.5 | 6.5 | 9y ago | MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the… | |||
| CVE-2017-8199 | medium | 6.5 | 6.5 | 9y ago | MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the… | |||
| CVE-2017-8163 | medium | 6.5 | 6.5 | 9y ago | AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with s… | |||
| CVE-2017-8162 | medium | 6.5 | 6.5 | 9y ago | AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with s… | |||
| CVE-2017-8158 | medium | 6.5 | 6.5 | 9y ago | FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could crea… | |||
| CVE-2017-8130 | medium | 6.5 | 6.5 | 9y ago | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||
| CVE-2017-2717 | medium | 6.5 | 6.5 | 9y ago | honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a … | |||
| CVE-2017-15099 | medium | 6.5 | 6.5 | 9y ago | INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits … |