CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1205 | high | 8.8 | 8.8 | 9y ago | IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | |||
| CVE-2017-7643 | high | 7.8 | 8.8 | 9y ago | Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. | |||
| CVE-2017-7219 | high | 8.8 | 8.8 | 9y ago | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run … | |||
| CVE-2017-7284 | high | 8.8 | 8.8 | 9y ago | An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the c… | |||
| CVE-2017-7281 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows fo… | |||
| CVE-2017-3064 | high | 7.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-0165 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handle… | |||
| CVE-2017-0160 | high | 7.8 | 8.8 | 9y ago | Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." | |||
| CVE-2017-7694 | high | 8.8 | 8.8 | 9y ago | Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. … | |||
| CVE-2017-7647 | high | 8.8 | 8.8 | 9y ago | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | |||
| CVE-2017-7622 | high | 8.8 | 8.8 | 9y ago | dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Any… | |||
| CVE-2017-7617 | high | 8.8 | 8.8 | 9y ago | Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, re… | |||
| CVE-2017-7570 | high | 8.8 | 8.8 | 9y ago | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to ch… | |||
| CVE-2017-4964 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | |||
| CVE-2017-7565 | high | 8.8 | 8.8 | 9y ago | Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | |||
| CVE-2017-6968 | high | 8.8 | 8.8 | 9y ago | GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | |||
| CVE-2017-6956 | high | 8.8 | 8.8 | 9y ago | On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point … | |||
| CVE-2017-7413 | high | 8.8 | 8.8 | 9y ago | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled… | |||
| CVE-2017-2490 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2485 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2483 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2482 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2481 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2474 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2473 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2472 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2465 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2463 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2444 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "C… | |||
| CVE-2017-2443 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-2433 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr… | |||
| CVE-2017-2415 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "W… | |||
| CVE-2017-2405 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to … | |||
| CVE-2017-2403 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbi… | |||
| CVE-2017-2396 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2395 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2394 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2381 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging mem… | |||
| CVE-2017-2378 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attack… | |||
| CVE-2017-7393 | high | 8.8 | 8.8 | 9y ago | In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | |||
| CVE-2017-7253 | high | 8.8 | 8.8 | 9y ago | Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with ad… | |||
| CVE-2017-7310 | high | 7.8 | 8.8 | 9y ago | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se… | |||
| CVE-2017-7308 | high | 7.8 | 8.8 | 9y ago | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in… | |||
| CVE-2017-2689 | high | 8.8 | 8.8 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration… | |||
| CVE-2017-2688 | high | 8.8 | 8.8 | 9y ago | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the target… | |||
| CVE-2017-7297 | high | 8.8 | 8.8 | 9y ago | Rancher Access Control Vulnerability in github.com/rancher/rancher | |||
| CVE-2017-1153 | high | 8.8 | 8.8 | 9y ago | IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. | |||
| CVE-2017-6460 | high | 8.8 | 8.8 | 9y ago | Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction l… | |||
| CVE-2017-6458 | high | 8.8 | 8.8 | 9y ago | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | |||
| CVE-2017-5931 | high | 8.8 | 8.8 | 9y ago | Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code … | |||
| CVE-2017-6069 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | |||
| CVE-2017-6068 | high | 8.8 | 8.8 | 9y ago | Subrion CMS vulnerable to CSRF in admin/blocks/add | |||
| CVE-2017-6066 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | |||
| CVE-2017-6002 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. | |||
| CVE-2017-5199 | high | 8.8 | 8.8 | 9y ago | The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||
| CVE-2017-5198 | high | 8.8 | 8.8 | 9y ago | SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | |||
| CVE-2017-6191 | high | 7.8 | 8.8 | 9y ago | Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. | |||
| CVE-2017-3858 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is d… | |||
| CVE-2017-5874 | high | 8.8 | 8.8 | 9y ago | CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||
| CVE-2017-6178 | high | 7.8 | 8.8 | 9y ago | The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. | |||
| CVE-2017-0108 | high | 7.8 | 8.8 | 9y ago | The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows… | |||
| CVE-2017-0100 | high | 7.8 | 8.8 | 9y ago | A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 201… | |||
| CVE-2017-3854 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to… | |||
| CVE-2017-3819 | high | 8.8 | 8.8 | 9y ago | A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Pack… | |||
| CVE-2017-6060 | high | 7.8 | 8.8 | 9y ago | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | |||
| CVE-2017-3003 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. … | |||
| CVE-2017-3002 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation cou… | |||
| CVE-2017-3001 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbit… | |||
| CVE-2017-2999 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitatio… | |||
| CVE-2017-2998 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitati… | |||
| CVE-2017-2997 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitati… | |||
| CVE-2017-6180 | high | 8.8 | 8.8 | 9y ago | Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). | |||
| CVE-2017-6081 | high | 8.8 | 8.8 | 9y ago | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for u… | |||
| CVE-2017-5675 | high | 8.8 | 8.8 | 9y ago | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the ma… | |||
| CVE-2017-2290 | high | 8.8 | 8.8 | 9y ago | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco… | |||
| CVE-2017-6407 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client… | |||
| CVE-2017-6406 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occ… | |||
| CVE-2017-6400 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). | |||
| CVE-2017-6399 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client… | |||
| CVE-2017-2682 | high | 8.8 | 8.8 | 9y ago | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to… | |||
| CVE-2017-5585 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict D… | |||
| CVE-2017-3835 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Info… | |||
| CVE-2017-6127 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of a… | |||
| CVE-2017-5881 | high | 7.8 | 8.8 | 9y ago | GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. | |||
| CVE-2017-2372 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attacker… | |||
| CVE-2017-2370 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-2366 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involv… | |||
| CVE-2017-2360 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-2356 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1… | |||
| CVE-2017-2355 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1… | |||
| CVE-2017-2354 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1… | |||
| CVE-2017-2353 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-6074 | high | 7.8 | 8.8 | 9y ago | The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r… | |||
| CVE-2017-6065 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | |||
| CVE-2017-5012 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5009 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-0321 | high | 8.8 | 8.8 | 9y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or poten… | |||
| CVE-2017-0313 | high | 7.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un… | |||
| CVE-2017-0312 | high | 7.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit … | |||
| CVE-2017-0311 | high | 8.8 | 8.8 | 9y ago | NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. |