CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8756 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-8753 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microso… | |||
| CVE-2017-8752 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edg… | |||
| CVE-2017-8750 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8749 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-8748 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8747 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows… | |||
| CVE-2017-8741 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Go… | |||
| CVE-2017-8738 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edg… | |||
| CVE-2017-8737 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitra… | |||
| CVE-2017-8728 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitra… | |||
| CVE-2017-8696 | high | 7.5 | 7.5 | 9y ago | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; … | |||
| CVE-2017-8692 | high | 7.5 | 7.5 | 9y ago | The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution … | |||
| CVE-2017-8649 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaS… | |||
| CVE-2017-11766 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-1162 | high | 7.5 | 7.5 | 9y ago | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | |||
| CVE-2017-14315 | high | 7.5 | 7.5 | 9y ago | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with at… | |||
| CVE-2017-14240 | high | 7.5 | 7.5 | 9y ago | Dolibarr ERP and CRM Sensitive Data Disclosure | |||
| CVE-2017-14229 | high | 7.5 | 7.5 | 9y ago | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | |||
| CVE-2017-14227 | high | 7.5 | 7.5 | 9y ago | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-14226 | high | 7.5 | 7.5 | 9y ago | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read … | |||
| CVE-2017-2550 | high | 7.5 | 7.5 | 9y ago | Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | |||
| CVE-2017-6791 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affe… | |||
| CVE-2017-6780 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventual… | |||
| CVE-2017-6631 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of servi… | |||
| CVE-2017-6362 | high | 7.5 | 7.5 | 9y ago | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | |||
| CVE-2017-1491 | high | 7.5 | 7.5 | 9y ago | IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authen… | |||
| CVE-2017-14158 | high | 7.5 | 7.5 | 9y ago | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files … | |||
| CVE-2017-14149 | high | 7.5 | 7.5 | 9y ago | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | |||
| CVE-2017-14137 | high | 7.5 | 7.5 | 9y ago | ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | |||
| CVE-2017-14120 | high | 7.5 | 7.5 | 9y ago | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | |||
| CVE-2017-14099 | high | 7.5 | 7.5 | 9y ago | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data di… | |||
| CVE-2017-14098 | high | 7.5 | 7.5 | 9y ago | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | |||
| CVE-2017-14053 | high | 7.5 | 7.5 | 9y ago | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to captur… | |||
| CVE-2017-12874 | high | 7.5 | 7.5 | 9y ago | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | |||
| CVE-2017-13711 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properl… | |||
| CVE-2017-12869 | high | 7.5 | 7.5 | 9y ago | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via … | |||
| CVE-2017-14063 | high | 7.5 | 7.5 | 9y ago | Improper Input Validation in async-http-client | |||
| CVE-2017-12734 | high | 7.5 | 7.5 | 9y ago | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the sessio… | |||
| CVE-2017-12710 | high | 7.5 | 7.5 | 9y ago | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could … | |||
| CVE-2017-13780 | high | 7.5 | 7.5 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | |||
| CVE-2017-3163 | high | 7.5 | 7.5 | 9y ago | Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core | |||
| CVE-2017-13767 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |||
| CVE-2017-13766 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. | |||
| CVE-2017-13765 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validat… | |||
| CVE-2017-13764 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. | |||
| CVE-2017-13763 | high | 7.5 | 7.5 | 9y ago | ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload | |||
| CVE-2017-0379 | high | 7.5 | 7.5 | 9y ago | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | |||
| CVE-2017-3154 | high | 7.5 | 7.5 | 9y ago | Apache Atlas produces Stack trace in error response | |||
| CVE-2017-12775 | high | 7.5 | 7.5 | 9y ago | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||
| CVE-2017-13752 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13751 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13750 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13749 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13748 | high | 7.5 | 7.5 | 9y ago | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | |||
| CVE-2017-13747 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13746 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13745 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmsta… | |||
| CVE-2017-13735 | high | 7.5 | 7.5 | 9y ago | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||
| CVE-2017-13728 | high | 7.5 | 7.5 | 9y ago | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-10843 | high | 7.5 | 7.5 | 9y ago | Arbitrary file delete in baserCMS | |||
| CVE-2017-0900 | high | 7.5 | 7.5 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | |||
| CVE-2017-6594 | high | 7.5 | 7.5 | 9y ago | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path o… | |||
| CVE-2017-13712 | high | 7.5 | 7.5 | 9y ago | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | |||
| CVE-2017-13710 | high | 7.5 | 7.5 | 9y ago | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-13709 | high | 7.5 | 7.5 | 9y ago | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | |||
| CVE-2017-12817 | high | 7.5 | 7.5 | 9y ago | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||
| CVE-2017-12694 | high | 7.5 | 7.5 | 9y ago | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | |||
| CVE-2017-13692 | high | 7.5 | 7.5 | 9y ago | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | |||
| CVE-2017-9511 | high | 7.5 | 7.5 | 9y ago | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucib… | |||
| CVE-2017-9512 | high | 7.5 | 7.5 | 9y ago | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committe… | |||
| CVE-2017-11424 | high | 7.5 | 7.5 | 9y ago | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed becau… | |||
| CVE-2017-12836 | high | 7.5 | 7.5 | 9y ago | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand… | |||
| CVE-2017-13143 | high | 7.5 | 7.5 | 9y ago | In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from proces… | |||
| CVE-2017-8037 | high | 7.5 | 7.5 | 9y ago | In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took ste… | |||
| CVE-2017-12784 | high | 7.5 | 7.5 | 9y ago | In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An exam… | |||
| CVE-2017-12974 | high | 7.5 | 7.5 | 9y ago | Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT | |||
| CVE-2017-12972 | high | 7.5 | 7.5 | 9y ago | Nimbus JOSE+JWT missing overflow check | |||
| CVE-2017-12964 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | |||
| CVE-2017-12963 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitabl… | |||
| CVE-2017-12962 | high | 7.5 | 7.5 | 9y ago | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. | |||
| CVE-2017-12961 | high | 7.5 | 7.5 | 9y ago | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||
| CVE-2017-12960 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||
| CVE-2017-12959 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | |||
| CVE-2017-12958 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||
| CVE-2017-9680 | high | 7.5 | 7.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error mes… | |||
| CVE-2017-9679 | high | 7.5 | 7.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. | |||
| CVE-2017-11185 | high | 7.5 | 7.5 | 9y ago | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | |||
| CVE-2017-12944 | high | 7.5 | 7.5 | 9y ago | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and appl… | |||
| CVE-2017-9454 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DN… | |||
| CVE-2017-12440 | high | 7.5 | 7.5 | 9y ago | Openstack Aodh can be used to launder Keystone trusts | |||
| CVE-2017-12938 | high | 7.5 | 7.5 | 9y ago | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | |||
| CVE-2017-12934 | high | 7.5 | 7.5 | 9y ago | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/… | |||
| CVE-2017-6771 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insu… | |||
| CVE-2017-7548 | high | 7.5 | 7.5 | 9y ago | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents o… | |||
| CVE-2017-12852 | high | 7.5 | 7.5 | 9y ago | The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. | |||
| CVE-2017-3110 | high | 7.5 | 7.5 | 9y ago | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | |||
| CVE-2017-3107 | high | 7.5 | 7.5 | 9y ago | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | |||
| CVE-2017-3091 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11280 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |