CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15801 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render … | |||
| CVE-2017-12628 | high | 7.8 | 7.8 | 9y ago | Apache James Privilege Escalation | |||
| CVE-2017-14017 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote… | |||
| CVE-2017-15588 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. | |||
| CVE-2017-15587 | high | 7.8 | 7.8 | 9y ago | An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | |||
| CVE-2017-6273 | high | 7.8 | 7.8 | 9y ago | NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may le… | |||
| CVE-2017-15385 | high | 7.8 | 7.8 | 9y ago | The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possi… | |||
| CVE-2017-0316 | high | 7.8 | 7.8 | 9y ago | In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, … | |||
| CVE-2017-15383 | high | 7.8 | 7.8 | 9y ago | Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. | |||
| CVE-2017-15369 | high | 7.8 | 7.8 | 9y ago | The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a de… | |||
| CVE-2017-15368 | high | 7.8 | 7.8 | 9y ago | The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecif… | |||
| CVE-2017-15303 | high | 7.8 | 7.8 | 9y ago | In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an… | |||
| CVE-2017-15302 | high | 7.8 | 7.8 | 9y ago | In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, be… | |||
| CVE-2017-8718 | high | 7.8 | 7.8 | 9y ago | The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 … | |||
| CVE-2017-8717 | high | 7.8 | 7.8 | 9y ago | The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 … | |||
| CVE-2017-11825 | high | 7.8 | 7.8 | 9y ago | Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how… | |||
| CVE-2017-11782 | high | 7.8 | 7.8 | 9y ago | The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the … | |||
| CVE-2017-11769 | high | 7.8 | 7.8 | 9y ago | The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, … | |||
| CVE-2017-10865 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note thi… | |||
| CVE-2017-10864 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10863 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note thi… | |||
| CVE-2017-15264 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one o… | |||
| CVE-2017-15263 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15262 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address con… | |||
| CVE-2017-15261 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Sta… | |||
| CVE-2017-15260 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15259 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15258 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access … | |||
| CVE-2017-15257 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address con… | |||
| CVE-2017-15256 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15255 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access … | |||
| CVE-2017-15254 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access … | |||
| CVE-2017-15253 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting … | |||
| CVE-2017-15252 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Blo… | |||
| CVE-2017-15251 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address con… | |||
| CVE-2017-15250 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access … | |||
| CVE-2017-15249 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address con… | |||
| CVE-2017-15248 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address con… | |||
| CVE-2017-15247 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15246 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Blo… | |||
| CVE-2017-15245 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15244 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code … | |||
| CVE-2017-15243 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Sta… | |||
| CVE-2017-15242 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting … | |||
| CVE-2017-15241 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faul… | |||
| CVE-2017-15240 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access … | |||
| CVE-2017-15239 | high | 7.8 | 7.8 | 9y ago | IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Add… | |||
| CVE-2017-12188 | high | 7.8 | 7.8 | 9y ago | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest… | |||
| CVE-2017-9714 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNI… | |||
| CVE-2017-9706 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. | |||
| CVE-2017-9687 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that co… | |||
| CVE-2017-9686 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging i… | |||
| CVE-2017-9683 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offse… | |||
| CVE-2017-11067 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentia… | |||
| CVE-2017-11059 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to… | |||
| CVE-2017-11057 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel … | |||
| CVE-2017-11056 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kerne… | |||
| CVE-2017-11053 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qo… | |||
| CVE-2017-11050 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible s… | |||
| CVE-2017-11048 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. | |||
| CVE-2017-11046 | high | 7.8 | 7.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentia… | |||
| CVE-2017-13723 | high | 7.8 | 7.8 | 9y ago | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other proble… | |||
| CVE-2017-15056 | high | 7.8 | 7.8 | 9y ago | p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as… | |||
| CVE-2017-12730 | high | 7.8 | 7.8 | 9y ago | An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary… | |||
| CVE-2017-2920 | high | 7.8 | 7.8 | 9y ago | An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, w… | |||
| CVE-2017-2880 | high | 7.8 | 7.8 | 9y ago | An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execu… | |||
| CVE-2017-12106 | high | 7.8 | 7.8 | 9y ago | A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code… | |||
| CVE-2017-1378 | high | 7.8 | 7.8 | 9y ago | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. I… | |||
| CVE-2017-1201 | high | 7.8 | 7.8 | 9y ago | IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676. | |||
| CVE-2017-15020 | high | 7.8 | 7.8 | 9y ago | dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application cr… | |||
| CVE-2017-15019 | high | 7.8 | 7.8 | 9y ago | LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. | |||
| CVE-2017-13993 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has be… | |||
| CVE-2017-12728 | high | 7.8 | 7.8 | 9y ago | An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executable… | |||
| CVE-2017-1000111 | high | 7.8 | 7.8 | 9y ago | Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety… | |||
| CVE-2017-8048 | high | 7.8 | 7.8 | 9y ago | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allo… | |||
| CVE-2017-0827 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-A… | |||
| CVE-2017-0826 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781. | |||
| CVE-2017-0812 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231. | |||
| CVE-2017-0811 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. | |||
| CVE-2017-0810 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066. | |||
| CVE-2017-0809 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128. | |||
| CVE-2017-0806 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805. | |||
| CVE-2017-14773 | high | 7.8 | 7.8 | 9y ago | Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be … | |||
| CVE-2017-14947 | high | 7.8 | 7.8 | 9y ago | Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at … | |||
| CVE-2017-14946 | high | 7.8 | 7.8 | 9y ago | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Bra… | |||
| CVE-2017-14945 | high | 7.8 | 7.8 | 9y ago | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at K… | |||
| CVE-2017-13684 | high | 7.8 | 7.8 | 9y ago | Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via v… | |||
| CVE-2017-14749 | high | 7.8 | 7.8 | 9y ago | JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecog… | |||
| CVE-2017-14745 | high | 7.8 | 7.8 | 9y ago | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, w… | |||
| CVE-2017-9961 | high | 7.8 | 7.8 | 9y ago | A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. B… | |||
| CVE-2017-9958 | high | 7.8 | 7.8 | 9y ago | An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attac… | |||
| CVE-2017-14730 | high | 7.8 | 7.8 | 9y ago | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by… | |||
| CVE-2017-14729 | high | 7.8 | 7.8 | 9y ago | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote … | |||
| CVE-2017-1362 | high | 7.8 | 7.8 | 9y ago | IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. | |||
| CVE-2017-14694 | high | 7.8 | 7.8 | 9y ago | Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a … | |||
| CVE-2017-6277 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated … | |||
| CVE-2017-6272 | high | 7.8 | 7.8 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which m… | |||
| CVE-2017-6269 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validatio… | |||
| CVE-2017-6268 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated … | |||
| CVE-2017-14693 | high | 7.8 | 7.8 | 9y ago | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selecti… |