CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9780 | high | 7.8 | 7.8 | 9y ago | In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with… | |||
| CVE-2017-3745 | high | 7.8 | 7.8 | 9y ago | In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authent… | |||
| CVE-2017-1000365 | high | 7.8 | 7.8 | 9y ago | The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment poin… | |||
| CVE-2017-4985 | high | 7.8 | 7.8 | 9y ago | In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization … | |||
| CVE-2017-9755 | high | 7.8 | 7.8 | 9y ago | opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or p… | |||
| CVE-2017-9754 | high | 7.8 | 7.8 | 9y ago | The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attac… | |||
| CVE-2017-9753 | high | 7.8 | 7.8 | 9y ago | The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which all… | |||
| CVE-2017-9752 | high | 7.8 | 7.8 | 9y ago | bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application cr… | |||
| CVE-2017-9751 | high | 7.8 | 7.8 | 9y ago | opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspec… | |||
| CVE-2017-9745 | high | 7.8 | 7.8 | 9y ago | The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service… | |||
| CVE-2017-9744 | high | 7.8 | 7.8 | 9y ago | The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of s… | |||
| CVE-2017-9743 | high | 7.8 | 7.8 | 9y ago | The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecif… | |||
| CVE-2017-9670 | high | 7.8 | 7.8 | 9y ago | An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly hav… | |||
| CVE-2017-8552 | high | 7.8 | 7.8 | 9y ago | A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of p… | |||
| CVE-2017-8513 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". | |||
| CVE-2017-8511 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8507 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability". | |||
| CVE-2017-8506 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8468 | high | 7.8 | 7.8 | 9y ago | Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Win… | |||
| CVE-2017-8466 | high | 7.8 | 7.8 | 9y ago | Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevat… | |||
| CVE-2017-8465 | high | 7.8 | 7.8 | 9y ago | Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Win… | |||
| CVE-2017-0296 | high | 7.8 | 7.8 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attack… | |||
| CVE-2017-0294 | high | 7.8 | 7.8 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attack… | |||
| CVE-2017-0292 | high | 7.8 | 7.8 | 9y ago | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafte… | |||
| CVE-2017-0291 | high | 7.8 | 7.8 | 9y ago | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafte… | |||
| CVE-2017-0260 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-0193 | high | 7.8 | 7.8 | 9y ago | Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-0663 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated a… | |||
| CVE-2017-0648 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High d… | |||
| CVE-2017-0638 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issu… | |||
| CVE-2017-0637 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-8241 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. | |||
| CVE-2017-8240 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. | |||
| CVE-2017-8238 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. | |||
| CVE-2017-8237 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. | |||
| CVE-2017-8236 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. | |||
| CVE-2017-8234 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. | |||
| CVE-2017-8233 | high | 7.8 | 7.8 | 9y ago | In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write. | |||
| CVE-2017-7373 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. | |||
| CVE-2017-7371 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. | |||
| CVE-2017-7369 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. | |||
| CVE-2017-7367 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. | |||
| CVE-2017-7365 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. | |||
| CVE-2017-9552 | high | 7.8 | 7.8 | 9y ago | A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user progr… | |||
| CVE-2017-4966 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x v… | |||
| CVE-2017-9527 | high | 7.8 | 7.8 | 9y ago | The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impac… | |||
| CVE-2017-2219 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2213 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2212 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2211 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2210 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2209 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 M… | |||
| CVE-2017-2193 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2192 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allo… | |||
| CVE-2017-2191 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a … | |||
| CVE-2017-2190 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified direct… | |||
| CVE-2017-2189 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2176 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) availa… | |||
| CVE-2017-8108 | high | 7.8 | 7.8 | 9y ago | Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | |||
| CVE-2017-6638 | high | 7.8 | 7.8 | 9y ago | A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges… | |||
| CVE-2017-4913 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this m… | |||
| CVE-2017-4912 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstat… | |||
| CVE-2017-4911 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this … | |||
| CVE-2017-4910 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this m… | |||
| CVE-2017-4909 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, th… | |||
| CVE-2017-4908 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this… | |||
| CVE-2017-9301 | high | 7.8 | 7.8 | 9y ago | plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecif… | |||
| CVE-2017-9300 | high | 7.8 | 7.8 | 9y ago | arbitrary code execution in vlc | |||
| CVE-2017-9036 | high | 7.8 | 7.8 | 9y ago | Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | |||
| CVE-2017-2823 | high | 7.8 | 7.8 | 9y ago | A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can… | |||
| CVE-2017-2819 | high | 7.8 | 7.8 | 9y ago | An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause a… | |||
| CVE-2017-2817 | high | 7.8 | 7.8 | 9y ago | A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code ex… | |||
| CVE-2017-2799 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption re… | |||
| CVE-2017-2798 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corrup… | |||
| CVE-2017-0374 | high | 7.8 | 7.8 | 9y ago | lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the IN… | |||
| CVE-2017-2797 | high | 7.8 | 7.8 | 9y ago | An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | |||
| CVE-2017-2794 | high | 7.8 | 7.8 | 9y ago | An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a sta… | |||
| CVE-2017-2793 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corru… | |||
| CVE-2017-2783 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a h… | |||
| CVE-2017-2175 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-6986 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial… | |||
| CVE-2017-6985 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a pri… | |||
| CVE-2017-6981 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary… | |||
| CVE-2017-2548 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged con… | |||
| CVE-2017-2546 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context o… | |||
| CVE-2017-2545 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged conte… | |||
| CVE-2017-2543 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2017-2542 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2017-2541 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged con… | |||
| CVE-2017-2537 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged con… | |||
| CVE-2017-2535 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a deni… | |||
| CVE-2017-2512 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denia… | |||
| CVE-2017-2503 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-2499 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" compo… | |||
| CVE-2017-2494 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context o… | |||
| CVE-2017-6650 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injec… | |||
| CVE-2017-6649 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. Th… | |||
| CVE-2017-7968 | high | 7.8 | 7.8 | 9y ago | An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a… | |||
| CVE-2017-9077 | high | 7.8 | 7.8 | 9y ago | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified … | |||
| CVE-2017-9076 | high | 7.8 | 7.8 | 9y ago | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified… |