CVEs from 2017
Total
11,664
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11029 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux d… | |||
| CVE-2017-11027 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header s… | |||
| CVE-2017-11026 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be c… | |||
| CVE-2017-11024 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Fr… | |||
| CVE-2017-11023 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in acc… | |||
| CVE-2017-11018 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel | |||
| CVE-2017-11017 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or acce… | |||
| CVE-2017-11015 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in… | |||
| CVE-2017-11014 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overf… | |||
| CVE-2017-11013 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boun… | |||
| CVE-2017-11012 | high | 7.8 | 7.8 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 … | |||
| CVE-2017-0866 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kerne… | |||
| CVE-2017-4932 | high | 7.8 | 7.8 | 9y ago | VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Su… | |||
| CVE-2017-4931 | high | 7.8 | 7.8 | 9y ago | VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this… | |||
| CVE-2017-1087 | high | 7.8 | 7.8 | 9y ago | In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory… | |||
| CVE-2017-12314 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device avail… | |||
| CVE-2017-13135 | high | 7.8 | 7.8 | 9y ago | A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. | |||
| CVE-2017-16837 | high | 7.8 | 7.8 | 9y ago | Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module… | |||
| CVE-2017-16834 | high | 7.8 | 7.8 | 9y ago | PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging acc… | |||
| CVE-2017-15115 | high | 7.8 | 7.8 | 9y ago | The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of… | |||
| CVE-2017-15288 | high | 7.8 | 7.8 | 9y ago | High severity vulnerability that affects org.scala-lang:scala-compiler | |||
| CVE-2017-16832 | high | 7.8 | 7.8 | 9y ago | The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dic… | |||
| CVE-2017-16831 | high | 7.8 | 7.8 | 9y ago | coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of servi… | |||
| CVE-2017-16830 | high | 7.8 | 7.8 | 9y ago | The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (seg… | |||
| CVE-2017-16829 | high | 7.8 | 7.8 | 9y ago | The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, whi… | |||
| CVE-2017-16828 | high | 7.8 | 7.8 | 9y ago | The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or p… | |||
| CVE-2017-16827 | high | 7.8 | 7.8 | 9y ago | The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service… | |||
| CVE-2017-16826 | high | 7.8 | 7.8 | 9y ago | The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service … | |||
| CVE-2017-11884 | high | 7.8 | 7.8 | 9y ago | Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corru… | |||
| CVE-2017-11878 | high | 7.8 | 7.8 | 9y ago | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi… | |||
| CVE-2017-11847 | high | 7.8 | 7.8 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Ser… | |||
| CVE-2017-6264 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution … | |||
| CVE-2017-14020 | high | 7.8 | 7.8 | 9y ago | In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number E… | |||
| CVE-2017-14388 | high | 7.8 | 7.8 | 9y ago | Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an… | |||
| CVE-2017-3767 | high | 7.8 | 7.8 | 9y ago | A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute co… | |||
| CVE-2017-3166 | high | 7.8 | 7.8 | 9y ago | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main | |||
| CVE-2017-10885 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-7132 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2017-13843 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context o… | |||
| CVE-2017-13838 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context … | |||
| CVE-2017-13834 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corrupt… | |||
| CVE-2017-13833 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-13830 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or c… | |||
| CVE-2017-13829 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-13825 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denia… | |||
| CVE-2017-13824 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary co… | |||
| CVE-2017-13816 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2017-13814 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial… | |||
| CVE-2017-13813 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2017-13812 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2017-13811 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged conte… | |||
| CVE-2017-13809 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted… | |||
| CVE-2017-13808 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privilege… | |||
| CVE-2017-13807 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial o… | |||
| CVE-2017-13800 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or … | |||
| CVE-2017-13799 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the … | |||
| CVE-2017-16797 | high | 7.8 | 7.8 | 9y ago | In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (… | |||
| CVE-2017-16796 | high | 7.8 | 7.8 | 9y ago | In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application cras… | |||
| CVE-2017-16793 | high | 7.8 | 7.8 | 9y ago | The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer ov… | |||
| CVE-2017-16757 | high | 7.8 | 7.8 | 9y ago | Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | |||
| CVE-2017-16667 | high | 7.8 | 7.8 | 9y ago | backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell com… | |||
| CVE-2017-12824 | high | 7.8 | 7.8 | 9y ago | Special crafted InPage document leads to arbitrary code execution in InPage reader. | |||
| CVE-2017-16659 | high | 7.8 | 7.8 | 9y ago | The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl scrip… | |||
| CVE-2017-13681 | high | 7.8 | 7.8 | 9y ago | Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources t… | |||
| CVE-2017-14031 | high | 7.8 | 7.8 | 9y ago | An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. | |||
| CVE-2017-14029 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. | |||
| CVE-2017-16526 | high | 7.8 | 7.8 | 9y ago | drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafte… | |||
| CVE-2017-12261 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated… | |||
| CVE-2017-10870 | high | 7.8 | 7.8 | 9y ago | Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2… | |||
| CVE-2017-10825 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-16358 | high | 7.8 | 7.8 | 9y ago | In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | |||
| CVE-2017-16357 | high | 7.8 | 7.8 | 9y ago | In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This … | |||
| CVE-2017-15566 | high | 7.8 | 7.8 | 9y ago | Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog… | |||
| CVE-2017-14376 | high | 7.8 | 7.8 | 9y ago | EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-9450 | high | 7.8 | 7.8 | 9y ago | The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the abili… | |||
| CVE-2017-15997 | high | 7.8 | 7.8 | 9y ago | In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attac… | |||
| CVE-2017-15996 | high | 7.8 | 7.8 | 9y ago | elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that trig… | |||
| CVE-2017-15951 | high | 7.8 | 7.8 | 9y ago | The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local… | |||
| CVE-2017-15945 | high | 7.8 | 7.8 | 9y ago | The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writab… | |||
| CVE-2017-15932 | high | 7.8 | 7.8 | 9y ago | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing t… | |||
| CVE-2017-15931 | high | 7.8 | 7.8 | 9y ago | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit syst… | |||
| CVE-2017-15924 | high | 7.8 | 7.8 | 9y ago | In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related t… | |||
| CVE-2017-5996 | high | 7.8 | 7.8 | 9y ago | The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. | |||
| CVE-2017-12705 | high | 7.8 | 7.8 | 9y ago | A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an … | |||
| CVE-2017-15567 | high | 7.8 | 7.8 | 9y ago | The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via … | |||
| CVE-2017-7149 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APF… | |||
| CVE-2017-7137 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2017-7136 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2017-7135 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2017-7134 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2017-7127 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is… | |||
| CVE-2017-7114 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel"… | |||
| CVE-2017-7077 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged c… | |||
| CVE-2017-7076 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2017-15789 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x000000… | |||
| CVE-2017-15788 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x000000… | |||
| CVE-2017-15787 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at … | |||
| CVE-2017-15786 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting a… | |||
| CVE-2017-15785 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL st… | |||
| CVE-2017-15784 | high | 7.8 | 7.8 | 9y ago | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnvie… |