CVEs from 2017
Total
11,665
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9075 | high | 7.8 | 7.8 | 9y ago | The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified … | |||
| CVE-2017-9074 | high | 7.8 | 7.8 | 9y ago | The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial … | |||
| CVE-2017-6623 | high | 7.8 | 7.8 | 9y ago | A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their p… | |||
| CVE-2017-9043 | high | 7.8 | 7.8 | 9y ago | readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly hav… | |||
| CVE-2017-9042 | high | 7.8 | 7.8 | 9y ago | readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified… | |||
| CVE-2017-7493 | high | 7.8 | 7.8 | 9y ago | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs meta… | |||
| CVE-2017-6887 | high | 7.8 | 7.8 | 9y ago | A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC fil… | |||
| CVE-2017-7487 | high | 7.8 | 7.8 | 9y ago | The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have u… | |||
| CVE-2017-8246 | high | 7.8 | 7.8 | 9y ago | In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized a… | |||
| CVE-2017-8245 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bou… | |||
| CVE-2017-2167 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file… | |||
| CVE-2017-0604 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated … | |||
| CVE-2017-0597 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec… | |||
| CVE-2017-0596 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is… | |||
| CVE-2017-0595 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is… | |||
| CVE-2017-0594 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context o… | |||
| CVE-2017-0593 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general by… | |||
| CVE-2017-0592 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da… | |||
| CVE-2017-0591 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is … | |||
| CVE-2017-0590 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0589 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0588 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data pro… | |||
| CVE-2017-0587 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue i… | |||
| CVE-2017-0281 | high | 7.8 | 7.8 | 9y ago | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise … | |||
| CVE-2017-0265 | high | 7.8 | 7.8 | 9y ago | Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Th… | |||
| CVE-2017-0264 | high | 7.8 | 7.8 | 9y ago | Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Th… | |||
| CVE-2017-0254 | high | 7.8 | 7.8 | 9y ago | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word… | |||
| CVE-2017-0077 | high | 7.8 | 7.8 | 9y ago | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 … | |||
| CVE-2017-8890 | high | 7.8 | 7.8 | 9y ago | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other … | |||
| CVE-2017-7698 | high | 7.8 | 7.8 | 9y ago | A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf… | |||
| CVE-2017-0352 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation… | |||
| CVE-2017-0351 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or p… | |||
| CVE-2017-0350 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset … | |||
| CVE-2017-0349 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not… | |||
| CVE-2017-0348 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potenti… | |||
| CVE-2017-0347 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not c… | |||
| CVE-2017-0346 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, lea… | |||
| CVE-2017-0345 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not c… | |||
| CVE-2017-0344 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical mem… | |||
| CVE-2017-0342 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading t… | |||
| CVE-2017-0341 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a poi… | |||
| CVE-2017-8854 | high | 7.8 | 7.8 | 9y ago | wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | |||
| CVE-2017-8844 | high | 7.8 | 7.8 | 9y ago | The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified oth… | |||
| CVE-2017-8829 | high | 7.8 | 7.8 | 9y ago | Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | |||
| CVE-2017-5236 | high | 7.8 | 7.8 | 9y ago | Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current w… | |||
| CVE-2017-8455 | high | 7.8 | 7.8 | 9y ago | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in … | |||
| CVE-2017-0331 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2017-8419 | high | 7.8 | 7.8 | 9y ago | LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based bu… | |||
| CVE-2017-8373 | high | 7.8 | 7.8 | 9y ago | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecif… | |||
| CVE-2017-8367 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Bur… | |||
| CVE-2017-8364 | high | 7.8 | 7.8 | 9y ago | The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a c… | |||
| CVE-2017-7721 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. | |||
| CVE-2017-2156 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified… | |||
| CVE-2017-2154 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JU… | |||
| CVE-2017-2130 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unsp… | |||
| CVE-2017-2108 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2107 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified … | |||
| CVE-2017-7720 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. | |||
| CVE-2017-8109 | high | 7.8 | 7.8 | 9y ago | The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on co… | |||
| CVE-2017-5039 | high | 7.8 | 7.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5037 | high | 7.8 | 7.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5036 | high | 7.8 | 7.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3620 | high | 7.8 | 7.8 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3584 | high | 7.8 | 7.8 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to … | |||
| CVE-2017-3581 | high | 7.8 | 7.8 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3237 | high | 7.8 | 7.8 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-8072 | high | 7.8 | 7.8 | 9y ago | The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local us… | |||
| CVE-2017-8070 | high | 7.8 | 7.8 | 9y ago | drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory c… | |||
| CVE-2017-8069 | high | 7.8 | 7.8 | 9y ago | drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor… | |||
| CVE-2017-8068 | high | 7.8 | 7.8 | 9y ago | drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor… | |||
| CVE-2017-8067 | high | 7.8 | 7.8 | 9y ago | drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (syste… | |||
| CVE-2017-8066 | high | 7.8 | 7.8 | 9y ago | drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system … | |||
| CVE-2017-8065 | high | 7.8 | 7.8 | 9y ago | crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor… | |||
| CVE-2017-8064 | high | 7.8 | 7.8 | 9y ago | drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of … | |||
| CVE-2017-8063 | high | 7.8 | 7.8 | 9y ago | drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (s… | |||
| CVE-2017-8062 | high | 7.8 | 7.8 | 9y ago | drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (s… | |||
| CVE-2017-8061 | high | 7.8 | 7.8 | 9y ago | drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of … | |||
| CVE-2017-7979 | high | 7.8 | 7.8 | 9y ago | The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denia… | |||
| CVE-2017-7975 | high | 7.8 | 7.8 | 9y ago | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted J… | |||
| CVE-2017-7961 | high | 7.8 | 7.8 | 9y ago | The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attacker… | |||
| CVE-2017-7948 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified o… | |||
| CVE-2017-7850 | high | 7.8 | 7.8 | 9y ago | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | |||
| CVE-2017-7889 | high | 7.8 | 7.8 | 9y ago | The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the f… | |||
| CVE-2017-7218 | high | 7.8 | 7.8 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. | |||
| CVE-2017-3065 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Succe… | |||
| CVE-2017-3058 | high | 7.8 | 7.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-3057 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaborati… | |||
| CVE-2017-3056 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string m… | |||
| CVE-2017-3055 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Su… | |||
| CVE-2017-3054 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to ma… | |||
| CVE-2017-3051 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to pa… | |||
| CVE-2017-3050 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to pa… | |||
| CVE-2017-3049 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to intern… | |||
| CVE-2017-3048 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to intern… | |||
| CVE-2017-3047 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related AP… | |||
| CVE-2017-3044 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image sca… | |||
| CVE-2017-3042 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets i… | |||
| CVE-2017-3041 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible … | |||
| CVE-2017-3040 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Succes… | |||
| CVE-2017-3039 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful e… |