CVEs from 2017
- Total: 11,665
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2842 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" c… | |||
| CVE-2017-2841 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-9948 | high | 8.8 | 8.8 | 9y ago | A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. | |||
| CVE-2017-9935 | high | 8.8 | 8.8 | 9y ago | In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can… | |||
| CVE-2017-9872 | high | 7.8 | 8.8 | 9y ago | The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overfl… | |||
| CVE-2017-9840 | high | 8.8 | 8.8 | 9y ago | Dolibarr ERP and CRM Unsafe File Upload Vulnerability | |||
| CVE-2017-9846 | high | 8.8 | 8.8 | 9y ago | Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folde… | |||
| CVE-2017-1347 | high | 8.8 | 8.8 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |||
| CVE-2017-3629 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri… | |||
| CVE-2017-3219 | high | 8.8 | 8.8 | 9y ago | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||
| CVE-2017-3218 | high | 8.8 | 8.8 | 9y ago | Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||
| CVE-2017-9774 | high | 8.8 | 8.8 | 9y ago | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |||
| CVE-2017-2828 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-2827 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-1000379 | high | 7.8 | 8.8 | 9y ago | The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Lin… | |||
| CVE-2017-1000371 | high | 7.8 | 8.8 | 9y ago | The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then t… | |||
| CVE-2017-1000370 | high | 7.8 | 8.8 | 9y ago | The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address… | |||
| CVE-2017-1000366 | high | 7.8 | 8.8 | 9y ago | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note… | |||
| CVE-2017-9759 | high | 8.8 | 8.8 | 9y ago | SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | |||
| CVE-2017-9756 | high | 7.8 | 8.8 | 9y ago | The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspe… | |||
| CVE-2017-9750 | high | 7.8 | 8.8 | 9y ago | opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly… | |||
| CVE-2017-9749 | high | 7.8 | 8.8 | 9y ago | The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via … | |||
| CVE-2017-9748 | high | 7.8 | 8.8 | 9y ago | The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buff… | |||
| CVE-2017-9747 | high | 7.8 | 8.8 | 9y ago | The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buf… | |||
| CVE-2017-9746 | high | 7.8 | 8.8 | 9y ago | The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact… | |||
| CVE-2017-9742 | high | 7.8 | 8.8 | 9y ago | The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other… | |||
| CVE-2017-8487 | high | 7.8 | 8.8 | 9y ago | Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerabil… | |||
| CVE-2017-8461 | high | 7.8 | 8.8 | 9y ago | Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a … | |||
| CVE-2017-9673 | high | 8.8 | 8.8 | 9y ago | In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. | |||
| CVE-2017-8528 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-8527 | high | 8.8 | 8.8 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote… | |||
| CVE-2017-8512 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8510 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8509 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8907 | high | 8.8 | 8.8 | 9y ago | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can… | |||
| CVE-2017-6692 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default A… | |||
| CVE-2017-6689 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Adminis… | |||
| CVE-2017-6688 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerabil… | |||
| CVE-2017-6687 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default cr… | |||
| CVE-2017-6686 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affecte… | |||
| CVE-2017-6685 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device,… | |||
| CVE-2017-6684 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulner… | |||
| CVE-2017-6683 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected syste… | |||
| CVE-2017-6682 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Inf… | |||
| CVE-2017-6659 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and … | |||
| CVE-2017-4973 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2017-4961 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum… | |||
| CVE-2017-4959 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vu… | |||
| CVE-2017-6892 | high | 8.8 | 8.8 | 9y ago | In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. | |||
| CVE-2017-9324 | high | 8.8 | 8.8 | 9y ago | In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain admi… | |||
| CVE-2017-2207 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2206 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2195 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-2182 | high | 8.8 | 8.8 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-217… | |||
| CVE-2017-2181 | high | 8.8 | 8.8 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-217… | |||
| CVE-2017-2179 | high | 8.8 | 8.8 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2… | |||
| CVE-2017-2178 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unsp… | |||
| CVE-2017-2177 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-9519 | high | 8.8 | 8.8 | 9y ago | atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | |||
| CVE-2017-9518 | high | 8.8 | 8.8 | 9y ago | atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | |||
| CVE-2017-9517 | high | 8.8 | 8.8 | 9y ago | atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | |||
| CVE-2017-7966 | high | 8.8 | 8.8 | 9y ago | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability ex… | |||
| CVE-2017-4904 | high | 8.8 | 8.8 | 9y ago | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402… | |||
| CVE-2017-4903 | high | 8.8 | 8.8 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without pa… | |||
| CVE-2017-4902 | high | 8.8 | 8.8 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Bu… | |||
| CVE-2017-4898 | high | 8.8 | 8.8 | 9y ago | VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. S… | |||
| CVE-2017-9449 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker c… | |||
| CVE-2017-9444 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), … | |||
| CVE-2017-9443 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modu… | |||
| CVE-2017-9442 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename pa… | |||
| CVE-2017-9437 | high | 8.8 | 8.8 | 9y ago | Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | |||
| CVE-2017-8438 | high | 8.8 | 8.8 | 9y ago | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. … | |||
| CVE-2017-9427 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The at… | |||
| CVE-2017-9379 | high | 8.8 | 8.8 | 9y ago | Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashb… | |||
| CVE-2017-9365 | high | 8.8 | 8.8 | 9y ago | CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | |||
| CVE-2017-8386 | high | 8.8 | 8.8 | 9y ago | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.… | |||
| CVE-2017-8402 | high | 8.8 | 8.8 | 9y ago | PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | |||
| CVE-2017-2306 | high | 8.8 | 8.8 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. | |||
| CVE-2017-2305 | high | 8.8 | 8.8 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allow… | |||
| CVE-2017-7917 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCe… | |||
| CVE-2017-8541 | high | 7.8 | 8.8 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8538 | high | 7.8 | 8.8 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-7505 | high | 8.8 | 8.8 | 9y ago | Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted b… | |||
| CVE-2017-9033 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update… | |||
| CVE-2017-8311 | high | 7.8 | 8.8 | 9y ago | multiple issues in vlc | |||
| CVE-2017-8913 | high | 8.8 | 8.8 | 9y ago | The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/se… | |||
| CVE-2017-6891 | high | 8.8 | 8.8 | 9y ago | Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a spe… | |||
| CVE-2017-9146 | high | 8.8 | 8.8 | 9y ago | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial o… | |||
| CVE-2017-4915 | high | 7.8 | 8.8 | 9y ago | VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to … | |||
| CVE-2017-6999 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6998 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6997 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6996 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6995 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6994 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6991 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute ar… | |||
| CVE-2017-6989 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component.… | |||
| CVE-2017-6983 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute ar… | |||
| CVE-2017-6978 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a pri… | |||
| CVE-2017-2544 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |