CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11177 | high | 7.5 | 7.5 | 9y ago | TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. | |||
| CVE-2017-16540 | high | 7.5 | 7.5 | 9y ago | OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL serv… | |||
| CVE-2017-1000151 | high | 7.5 | 7.5 | 9y ago | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | |||
| CVE-2017-1000133 | high | 7.5 | 7.5 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of th… | |||
| CVE-2017-16516 | high | 7.5 | 7.5 | 9y ago | In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c.… | |||
| CVE-2017-12281 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points cou… | |||
| CVE-2017-12280 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote att… | |||
| CVE-2017-16248 | high | 7.5 | 7.5 | 9y ago | The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended pol… | |||
| CVE-2017-3935 | high | 7.5 | 7.5 | 9y ago | Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body … | |||
| CVE-2017-14919 | high | 7.5 | 7.5 | 9y ago | Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 makin… | |||
| CVE-2017-16227 | high | 7.5 | 7.5 | 9y ago | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for l… | |||
| CVE-2017-15998 | high | 7.5 | 7.5 | 9y ago | In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cle… | |||
| CVE-2017-15938 | high | 7.5 | 7.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows … | |||
| CVE-2017-15582 | high | 7.5 | 7.5 | 9y ago | In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obta… | |||
| CVE-2017-15581 | high | 7.5 | 7.5 | 9y ago | In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a… | |||
| CVE-2017-0303 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections han… | |||
| CVE-2017-5068 | high | 7.5 | 7.5 | 9y ago | arbitrary code execution in chromium | |||
| CVE-2017-15928 | high | 7.5 | 7.5 | 9y ago | In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but… | |||
| CVE-2017-3771 | high | 7.5 | 7.5 | 9y ago | System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | |||
| CVE-2017-12159 | high | 7.5 | 7.5 | 9y ago | Keycloak CSRF Vulnerability | |||
| CVE-2017-15908 | high | 7.5 | 7.5 | 9y ago | In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re… | |||
| CVE-2017-15882 | high | 7.5 | 7.5 | 9y ago | The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. | |||
| CVE-2017-1583 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | |||
| CVE-2017-1523 | high | 7.5 | 7.5 | 9y ago | IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. | |||
| CVE-2017-1375 | high | 7.5 | 7.5 | 9y ago | IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:… | |||
| CVE-2017-1210 | high | 7.5 | 7.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. | |||
| CVE-2017-15871 | high | 7.5 | 7.5 | 9y ago | The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as dem… | |||
| CVE-2017-9946 | high | 7.5 | 7.5 | 9y ago | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 44… | |||
| CVE-2017-15805 | high | 7.5 | 7.5 | 9y ago | Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | |||
| CVE-2017-15377 | high | 7.5 | 7.5 | 9y ago | In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engi… | |||
| CVE-2017-14328 | high | 7.5 | 7.5 | 9y ago | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. | |||
| CVE-2017-7133 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in … | |||
| CVE-2017-7116 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-7090 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-7086 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" c… | |||
| CVE-2017-7080 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Securit… | |||
| CVE-2017-15723 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | |||
| CVE-2017-15721 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. | |||
| CVE-2017-15228 | high | 7.5 | 7.5 | 9y ago | Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | |||
| CVE-2017-15227 | high | 7.5 | 7.5 | 9y ago | Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the stat… | |||
| CVE-2017-2132 | high | 7.5 | 7.5 | 9y ago | Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. | |||
| CVE-2017-15650 | high | 7.5 | 7.5 | 9y ago | musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide a… | |||
| CVE-2017-10933 | high | 7.5 | 7.5 | 9y ago | All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary file… | |||
| CVE-2017-5635 | high | 7.5 | 7.5 | 9y ago | Improper Authentication In Apache NiFi | |||
| CVE-2017-10388 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u… | |||
| CVE-2017-10373 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Health Center). Supported versions that are affected are 8.55 and 8.56. Easily exploit… | |||
| CVE-2017-10369 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Diffi… | |||
| CVE-2017-10335 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploi… | |||
| CVE-2017-10332 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, … | |||
| CVE-2017-10328 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.… | |||
| CVE-2017-10310 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerabili… | |||
| CVE-2017-10260 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3… | |||
| CVE-2017-10259 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerabil… | |||
| CVE-2017-10155 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploita… | |||
| CVE-2017-10037 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable … | |||
| CVE-2017-15609 | high | 7.5 | 7.5 | 9y ago | Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. | |||
| CVE-2017-12260 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote att… | |||
| CVE-2017-12259 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an af… | |||
| CVE-2017-15602 | high | 7.5 | 7.5 | 9y ago | In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted s… | |||
| CVE-2017-15601 | high | 7.5 | 7.5 | 9y ago | In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. | |||
| CVE-2017-15600 | high | 7.5 | 7.5 | 9y ago | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | |||
| CVE-2017-15577 | high | 7.5 | 7.5 | 9y ago | Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. | |||
| CVE-2017-15576 | high | 7.5 | 7.5 | 9y ago | Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | |||
| CVE-2017-15572 | high | 7.5 | 7.5 | 9y ago | In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redire… | |||
| CVE-2017-9368 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific f… | |||
| CVE-2017-15297 | high | 7.5 | 7.5 | 9y ago | SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. | |||
| CVE-2017-15363 | high | 7.5 | 7.5 | 9y ago | Luracast Restler directory traversal vulnerability | |||
| CVE-2017-10624 | high | 7.5 | 7.5 | 9y ago | Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affect… | |||
| CVE-2017-10619 | high | 7.5 | 7.5 | 9y ago | When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certai… | |||
| CVE-2017-10614 | high | 7.5 | 7.5 | 9y ago | A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product securit… | |||
| CVE-2017-10608 | high | 7.5 | 7.5 | 9y ago | Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services c… | |||
| CVE-2017-10607 | high | 7.5 | 7.5 | 9y ago | Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the R… | |||
| CVE-2017-8727 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execut… | |||
| CVE-2017-11822 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-11821 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11819 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Executi… | |||
| CVE-2017-11813 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the… | |||
| CVE-2017-11812 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripti… | |||
| CVE-2017-11808 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11807 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11806 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11805 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11804 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11801 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11800 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handl… | |||
| CVE-2017-11798 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine… | |||
| CVE-2017-11797 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11796 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11792 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11781 | high | 7.5 | 7.5 | 9y ago | The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and… | |||
| CVE-2017-11776 | high | 7.5 | 7.5 | 9y ago | Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | |||
| CVE-2017-11772 | high | 7.5 | 7.5 | 9y ago | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-15290 | high | 7.5 | 7.5 | 9y ago | Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data… | |||
| CVE-2017-15268 | high | 7.5 | 7.5 | 9y ago | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | |||
| CVE-2017-15286 | high | 7.5 | 7.5 | 9y ago | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never in… | |||
| CVE-2017-15267 | high | 7.5 | 7.5 | 9y ago | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | |||
| CVE-2017-5722 | high | 7.5 | 7.5 | 9y ago | Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enfo… | |||
| CVE-2017-5721 | high | 7.5 | 7.5 | 9y ago | Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipul… | |||
| CVE-2017-15193 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | |||
| CVE-2017-15192 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have th… |