CVEs from 2017
Total
11,665
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3038 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) strea… | |||
| CVE-2017-3036 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of … | |||
| CVE-2017-3035 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Succ… | |||
| CVE-2017-3034 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, re… | |||
| CVE-2017-3030 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation co… | |||
| CVE-2017-3028 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to pr… | |||
| CVE-2017-3027 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList ele… | |||
| CVE-2017-3026 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Su… | |||
| CVE-2017-3025 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation man… | |||
| CVE-2017-3024 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful… | |||
| CVE-2017-3023 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionali… | |||
| CVE-2017-3019 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) f… | |||
| CVE-2017-3018 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exp… | |||
| CVE-2017-3017 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successfu… | |||
| CVE-2017-3015 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successfu… | |||
| CVE-2017-3014 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset… | |||
| CVE-2017-3013 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging. | |||
| CVE-2017-3012 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin. | |||
| CVE-2017-3011 | high | 7.8 | 7.8 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploi… | |||
| CVE-2017-3007 | high | 7.8 | 7.8 | 9y ago | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications. | |||
| CVE-2017-3005 | high | 7.8 | 7.8 | 9y ago | Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability. | |||
| CVE-2017-3004 | high | 7.8 | 7.8 | 9y ago | Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to … | |||
| CVE-2017-0197 | high | 7.8 | 7.8 | 9y ago | Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." | |||
| CVE-2017-0189 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability … | |||
| CVE-2017-0106 | high | 7.8 | 7.8 | 9y ago | Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corr… | |||
| CVE-2017-7605 | high | 7.8 | 7.8 | 9y ago | aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |||
| CVE-2017-7604 | high | 7.8 | 7.8 | 9y ago | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have un… | |||
| CVE-2017-7603 | high | 7.8 | 7.8 | 9y ago | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified ot… | |||
| CVE-2017-7602 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||
| CVE-2017-7601 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unsp… | |||
| CVE-2017-7600 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or… | |||
| CVE-2017-7599 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibl… | |||
| CVE-2017-7598 | high | 7.8 | 7.8 | 9y ago | tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. | |||
| CVE-2017-7597 | high | 7.8 | 7.8 | 9y ago | tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application … | |||
| CVE-2017-7596 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibl… | |||
| CVE-2017-7592 | high | 7.8 | 7.8 | 9y ago | The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2017-6033 | high | 7.8 | 7.8 | 9y ago | A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is na… | |||
| CVE-2017-0564 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Criti… | |||
| CVE-2017-0563 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Cri… | |||
| CVE-2017-0562 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a… | |||
| CVE-2017-0554 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0546 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High … | |||
| CVE-2017-0545 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec… | |||
| CVE-2017-0544 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution … | |||
| CVE-2017-0543 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is … | |||
| CVE-2017-0542 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is … | |||
| CVE-2017-0541 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0540 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0539 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0538 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is … | |||
| CVE-2017-7584 | high | 7.8 | 7.8 | 9y ago | Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | |||
| CVE-2017-6600 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an… | |||
| CVE-2017-6597 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appli… | |||
| CVE-2017-7578 | high | 7.8 | 7.8 | 9y ago | Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a craft… | |||
| CVE-2017-2675 | high | 7.8 | 7.8 | 9y ago | Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.ob… | |||
| CVE-2017-7444 | high | 7.8 | 7.8 | 9y ago | In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed. | |||
| CVE-2017-5683 | high | 7.8 | 7.8 | 9y ago | Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. | |||
| CVE-2017-7412 | high | 7.8 | 7.8 | 9y ago | NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. | |||
| CVE-2017-6448 | high | 7.8 | 7.8 | 9y ago | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have u… | |||
| CVE-2017-6194 | high | 7.8 | 7.8 | 9y ago | The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified othe… | |||
| CVE-2017-2487 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2467 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2462 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2458 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2451 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2449 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-2441 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2440 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2438 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleRAID" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-2437 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows local users to gain privileges or cause a denial of se… | |||
| CVE-2017-2436 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged co… | |||
| CVE-2017-2435 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2432 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2431 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "CoreMedia" component. It allows remote attackers to execute arbitrary code or cause a deni… | |||
| CVE-2017-2430 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2427 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-2425 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to exec… | |||
| CVE-2017-2422 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2017-2421 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbi… | |||
| CVE-2017-2420 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-2416 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2413 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a deni… | |||
| CVE-2017-2410 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context v… | |||
| CVE-2017-2408 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2017-2407 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2406 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2401 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2398 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary c… | |||
| CVE-2017-2392 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of servic… | |||
| CVE-2017-2379 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-7374 | high | 7.8 | 7.8 | 9y ago | Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring… | |||
| CVE-2017-2775 | high | 7.8 | 7.8 | 9y ago | An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI f… | |||
| CVE-2017-2647 | high | 7.8 | 7.8 | 9y ago | The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value fo… | |||
| CVE-2017-7294 | high | 7.8 | 7.8 | 9y ago | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trig… | |||
| CVE-2017-6964 | high | 7.8 | 7.8 | 9y ago | dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute cod… | |||
| CVE-2017-6462 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/dat… | |||
| CVE-2017-6452 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | |||
| CVE-2017-6451 | high | 7.8 | 7.8 | 9y ago | The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to e… | |||
| CVE-2017-5932 | high | 7.8 | 7.8 | 9y ago | The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. | |||
| CVE-2017-5330 | high | 7.8 | 7.8 | 9y ago | ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. |