CVEs from 2017
- Total: 11,665
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0309 | high | 8.8 | 8.8 | 9y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service… | |||
| CVE-2017-0308 | high | 8.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation l… | |||
| CVE-2017-3801 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privil… | |||
| CVE-2017-2996 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2995 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2994 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2993 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2991 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary co… | |||
| CVE-2017-2990 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-2987 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2984 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2982 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execu… | |||
| CVE-2017-5940 | high | 8.8 | 8.8 | 9y ago | Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows loc… | |||
| CVE-2017-3813 | high | 7.8 | 8.8 | 9y ago | A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th… | |||
| CVE-2017-0412 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-0411 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-5368 | high | 8.8 | 8.8 | 9y ago | ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the c… | |||
| CVE-2017-5218 | high | 8.8 | 8.8 | 10y ago | A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to … | |||
| CVE-2017-5609 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2017-5329 | high | 7.8 | 8.8 | 10y ago | Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | |||
| CVE-2017-3794 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: … | |||
| CVE-2017-5570 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST re… | |||
| CVE-2017-5563 | high | 8.8 | 8.8 | 10y ago | LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | |||
| CVE-2017-5520 | high | 8.8 | 8.8 | 10y ago | The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files wit… | |||
| CVE-2017-5492 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims … | |||
| CVE-2017-5489 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | |||
| CVE-2017-5476 | high | 8.8 | 8.8 | 10y ago | Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | |||
| CVE-2017-5475 | high | 8.8 | 8.8 | 10y ago | comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | |||
| CVE-2017-5225 | high | 8.8 | 8.8 | 10y ago | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | |||
| CVE-2017-5345 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default… | |||
| CVE-2017-2937 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation coul… | |||
| CVE-2017-2936 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execu… | |||
| CVE-2017-2928 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2927 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2926 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary cod… | |||
| CVE-2017-2925 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-0002 | high | 8.8 | 8.8 | 10y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | |||
| CVE-2017-11173 | high | 8.8 | 8.8 | 11y ago | Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com dom… | |||
| CVE-2017-10401 | high | 8.7 | 8.7 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMSUpdater). The supported version that is affected is 7.30.564.0. Easi… | |||
| CVE-2017-10372 | high | 8.7 | 8.7 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vu… | |||
| CVE-2017-3500 | high | 8.7 | 8.7 | 9y ago | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2,… | |||
| CVE-2017-6607 | high | 8.7 | 8.7 | 9y ago | A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DN… | |||
| CVE-2017-14855 | high | 8.6 | 8.6 | 9y ago | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. | |||
| CVE-2017-17952 | high | 8.6 | 8.6 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||
| CVE-2017-16717 | high | 8.6 | 8.6 | 9y ago | A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | |||
| CVE-2017-17697 | high | 8.6 | 8.6 | 9y ago | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||
| CVE-2017-17051 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hyper… | |||
| CVE-2017-3883 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticate… | |||
| CVE-2017-12293 | high | 8.6 | 8.6 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on th… | |||
| CVE-2017-12246 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected dev… | |||
| CVE-2017-12245 | high | 8.6 | 8.6 | 9y ago | A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detect… | |||
| CVE-2017-12244 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial … | |||
| CVE-2017-1483 | high | 8.6 | 8.6 | 9y ago | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID… | |||
| CVE-2017-10147 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. … | |||
| CVE-2017-11615 | high | 8.6 | 8.6 | 9y ago | A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. | |||
| CVE-2017-6612 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect H… | |||
| CVE-2017-9627 | high | 8.6 | 8.6 | 9y ago | An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability co… | |||
| CVE-2017-7901 | high | 8.6 | 8.6 | 9y ago | A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and … | |||
| CVE-2017-7922 | high | 7.6 | 8.6 | 9y ago | An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to se… | |||
| CVE-2017-7914 | high | 8.6 | 8.6 | 9y ago | A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.0… | |||
| CVE-2017-6977 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or caus… | |||
| CVE-2017-2534 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a c… | |||
| CVE-2017-9066 | high | 8.6 | 8.6 | 9y ago | In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||
| CVE-2017-9062 | high | 8.6 | 8.6 | 9y ago | In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||
| CVE-2017-2119 | high | 8.6 | 8.6 | 9y ago | Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-3543 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. E… | |||
| CVE-2017-3542 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. E… | |||
| CVE-2017-3540 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. E… | |||
| CVE-2017-3230 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Ea… | |||
| CVE-2017-2321 | high | 8.6 | 8.6 | 9y ago | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system s… | |||
| CVE-2017-2317 | high | 8.6 | 8.6 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to caus… | |||
| CVE-2017-6608 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected syste… | |||
| CVE-2017-3863 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-3862 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-3861 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-3860 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-7569 | high | 8.6 | 8.6 | 9y ago | In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||
| CVE-2017-3864 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial… | |||
| CVE-2017-1145 | high | 8.6 | 8.6 | 9y ago | IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #:… | |||
| CVE-2017-3846 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Man… | |||
| CVE-2017-6413 | high | 8.6 | 8.6 | 9y ago | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Aut… | |||
| CVE-2017-6062 | high | 8.6 | 8.6 | 9y ago | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OID… | |||
| CVE-2017-5167 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. | |||
| CVE-2017-5143 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal… | |||
| CVE-2017-3790 | high | 8.6 | 8.6 | 10y ago | A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a re… | |||
| CVE-2017-3293 | high | 8.6 | 8.6 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab… | |||
| CVE-2017-3271 | high | 8.6 | 8.6 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab… | |||
| CVE-2017-15667 | high | 7.5 | 8.5 | 9y ago | In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. | |||
| CVE-2017-17876 | high | 7.5 | 8.5 | 9y ago | Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||
| CVE-2017-17692 | high | 7.5 | 8.5 | 9y ago | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the … | |||
| CVE-2017-17088 | high | 7.5 | 8.5 | 9y ago | The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header … | |||
| CVE-2017-17738 | high | 7.5 | 8.5 | 9y ago | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | |||
| CVE-2017-17593 | high | 7.5 | 8.5 | 9y ago | Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | |||
| CVE-2017-17538 | high | 7.5 | 8.5 | 9y ago | MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | |||
| CVE-2017-11918 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine … | |||
| CVE-2017-11914 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction | |||
| CVE-2017-11911 | high | 7.5 | 8.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11909 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to remote code execution | |||
| CVE-2017-11907 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11903 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… |