CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1451 | high | 7.8 | 7.8 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. | |||
| CVE-2017-14333 | high | 7.8 | 7.8 | 9y ago | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have un… | |||
| CVE-2017-14312 | high | 7.8 | 7.8 | 9y ago | Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by … | |||
| CVE-2017-14310 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllU… | |||
| CVE-2017-14309 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllU… | |||
| CVE-2017-14308 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllU… | |||
| CVE-2017-14307 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection s… | |||
| CVE-2017-14306 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllU… | |||
| CVE-2017-14305 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection s… | |||
| CVE-2017-14304 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllG… | |||
| CVE-2017-14303 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllG… | |||
| CVE-2017-14302 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection s… | |||
| CVE-2017-14301 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting … | |||
| CVE-2017-14300 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting … | |||
| CVE-2017-14299 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting … | |||
| CVE-2017-14298 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting … | |||
| CVE-2017-14297 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2Fil… | |||
| CVE-2017-14296 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting … | |||
| CVE-2017-14295 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2Fil… | |||
| CVE-2017-14294 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x0… | |||
| CVE-2017-14293 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008… | |||
| CVE-2017-14292 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x0… | |||
| CVE-2017-14291 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x0… | |||
| CVE-2017-14290 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x00000000000000… | |||
| CVE-2017-14289 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000… | |||
| CVE-2017-14288 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000… | |||
| CVE-2017-14287 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00… | |||
| CVE-2017-14286 | high | 7.8 | 7.8 | 9y ago | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x0… | |||
| CVE-2017-14285 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address control… | |||
| CVE-2017-14284 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address control… | |||
| CVE-2017-14283 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting a… | |||
| CVE-2017-14282 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting a… | |||
| CVE-2017-14281 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used… | |||
| CVE-2017-14280 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address control… | |||
| CVE-2017-14279 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting a… | |||
| CVE-2017-14278 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting a… | |||
| CVE-2017-14277 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting a… | |||
| CVE-2017-14276 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting… | |||
| CVE-2017-14275 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!W… | |||
| CVE-2017-14274 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Wri… | |||
| CVE-2017-14273 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!Rt… | |||
| CVE-2017-14272 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000… | |||
| CVE-2017-14271 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!Rt… | |||
| CVE-2017-14270 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!Rt… | |||
| CVE-2017-14261 | high | 7.8 | 7.8 | 9y ago | In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted… | |||
| CVE-2017-14260 | high | 7.8 | 7.8 | 9y ago | In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arb… | |||
| CVE-2017-14259 | high | 7.8 | 7.8 | 9y ago | In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arb… | |||
| CVE-2017-14258 | high | 7.8 | 7.8 | 9y ago | In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbit… | |||
| CVE-2017-14257 | high | 7.8 | 7.8 | 9y ago | In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by op… | |||
| CVE-2017-0804 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. | |||
| CVE-2017-0803 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. | |||
| CVE-2017-0802 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. | |||
| CVE-2017-0801 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. | |||
| CVE-2017-0800 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. | |||
| CVE-2017-0799 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. | |||
| CVE-2017-0798 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. | |||
| CVE-2017-0797 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. | |||
| CVE-2017-0796 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. | |||
| CVE-2017-0795 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. | |||
| CVE-2017-0794 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | |||
| CVE-2017-0770 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234… | |||
| CVE-2017-0769 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. | |||
| CVE-2017-0768 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. | |||
| CVE-2017-0767 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. | |||
| CVE-2017-0766 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. | |||
| CVE-2017-0765 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. | |||
| CVE-2017-0764 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. | |||
| CVE-2017-0763 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. | |||
| CVE-2017-0762 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. | |||
| CVE-2017-0761 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. | |||
| CVE-2017-0760 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. | |||
| CVE-2017-0759 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. | |||
| CVE-2017-0758 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. | |||
| CVE-2017-0757 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. | |||
| CVE-2017-0756 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. | |||
| CVE-2017-0755 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. | |||
| CVE-2017-0753 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. | |||
| CVE-2017-0752 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. | |||
| CVE-2017-14181 | high | 7.8 | 7.8 | 9y ago | DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and applicat… | |||
| CVE-2017-9779 | high | 7.8 | 7.8 | 9y ago | OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." | |||
| CVE-2017-2870 | high | 7.8 | 7.8 | 9y ago | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resul… | |||
| CVE-2017-2862 | high | 7.8 | 7.8 | 9y ago | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in… | |||
| CVE-2017-2808 | high | 7.8 | 7.8 | 9y ago | An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbi… | |||
| CVE-2017-2807 | high | 7.8 | 7.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. … | |||
| CVE-2017-2779 | high | 7.8 | 7.8 | 9y ago | An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (… | |||
| CVE-2017-14105 | high | 7.8 | 7.8 | 9y ago | HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An au… | |||
| CVE-2017-10851 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10850 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing i… | |||
| CVE-2017-10849 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10848 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse… | |||
| CVE-2017-10829 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan hor… | |||
| CVE-2017-13674 | high | 7.8 | 7.8 | 9y ago | Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate th… | |||
| CVE-2017-14102 | high | 7.8 | 7.8 | 9y ago | MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account… | |||
| CVE-2017-11158 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking … | |||
| CVE-2017-11157 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking… | |||
| CVE-2017-12717 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker… | |||
| CVE-2017-12713 | high | 7.8 | 7.8 | 9y ago | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are … | |||
| CVE-2017-12711 | high | 7.8 | 7.8 | 9y ago | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to … | |||
| CVE-2017-13774 | high | 7.8 | 7.8 | 9y ago | Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. | |||
| CVE-2017-3757 | high | 7.8 | 7.8 | 9y ago | An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with… |