CVEs from 2017
- Total: 11,662
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0785 | medium | 6.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||
| CVE-2017-1002151 | high | 7.5 | 7.5 | 9y ago | Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization | |||
| CVE-2017-1002007 | high | 7.5 | 7.5 | 9y ago | Vulnerability in WordPress plugin DTracker v1.5. The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | |||
| CVE-2017-1002006 | high | 7.5 | 7.5 | 9y ago | Vulnerability in WordPress plugin DTracker v1.5. The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | |||
| CVE-2017-1002005 | high | 7.5 | 7.5 | 9y ago | Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||
| CVE-2017-1002004 | high | 7.5 | 7.5 | 9y ago | Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | |||
| CVE-2017-12989 | high | 7.5 | 7.5 | 9y ago | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | |||
| CVE-2017-7561 | high | 7.5 | 7.5 | 9y ago | Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP | |||
| CVE-2017-14430 | high | 7.5 | 7.5 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via craft… | |||
| CVE-2017-14423 | high | 7.5 | 7.5 | 9y ago | htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for rem… | |||
| CVE-2017-14422 | high | 7.5 | 7.5 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different custome… | |||
| CVE-2017-14404 | high | 7.5 | 7.5 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_li… | |||
| CVE-2017-8757 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge h… | |||
| CVE-2017-8756 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-8753 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microso… | |||
| CVE-2017-8752 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edg… | |||
| CVE-2017-8750 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8749 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-8748 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8747 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows… | |||
| CVE-2017-8741 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Go… | |||
| CVE-2017-8738 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edg… | |||
| CVE-2017-8737 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitra… | |||
| CVE-2017-8728 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitra… | |||
| CVE-2017-8696 | high | 7.5 | 7.5 | 9y ago | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; … | |||
| CVE-2017-8692 | high | 7.5 | 7.5 | 9y ago | The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution … | |||
| CVE-2017-8649 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaS… | |||
| CVE-2017-11766 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-1162 | high | 7.5 | 7.5 | 9y ago | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | |||
| CVE-2017-14315 | high | 7.5 | 7.5 | 9y ago | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with at… | |||
| CVE-2017-14240 | high | 7.5 | 7.5 | 9y ago | Dolibarr ERP and CRM Sensitive Data Disclosure | |||
| CVE-2017-14229 | high | 7.5 | 7.5 | 9y ago | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | |||
| CVE-2017-14227 | high | 7.5 | 7.5 | 9y ago | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-14226 | high | 7.5 | 7.5 | 9y ago | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read … | |||
| CVE-2017-2550 | high | 7.5 | 7.5 | 9y ago | Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | |||
| CVE-2017-6791 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affe… | |||
| CVE-2017-6780 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventual… | |||
| CVE-2017-6631 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of servi… | |||
| CVE-2017-6362 | high | 7.5 | 7.5 | 9y ago | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | |||
| CVE-2017-1491 | high | 7.5 | 7.5 | 9y ago | IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authen… | |||
| CVE-2017-1130 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… | |||
| CVE-2017-1129 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… | |||
| CVE-2017-14158 | high | 7.5 | 7.5 | 9y ago | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files … | |||
| CVE-2017-14149 | high | 7.5 | 7.5 | 9y ago | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | |||
| CVE-2017-14137 | high | 7.5 | 7.5 | 9y ago | ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | |||
| CVE-2017-14120 | high | 7.5 | 7.5 | 9y ago | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | |||
| CVE-2017-14099 | high | 7.5 | 7.5 | 9y ago | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data di… | |||
| CVE-2017-14098 | high | 7.5 | 7.5 | 9y ago | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | |||
| CVE-2017-14053 | high | 7.5 | 7.5 | 9y ago | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to captur… | |||
| CVE-2017-12874 | high | 7.5 | 7.5 | 9y ago | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | |||
| CVE-2017-13711 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properl… | |||
| CVE-2017-12869 | high | 7.5 | 7.5 | 9y ago | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via … | |||
| CVE-2017-14063 | high | 7.5 | 7.5 | 9y ago | Improper Input Validation in async-http-client | |||
| CVE-2017-12734 | high | 7.5 | 7.5 | 9y ago | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the sessio… | |||
| CVE-2017-12710 | high | 7.5 | 7.5 | 9y ago | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could … | |||
| CVE-2017-13780 | high | 7.5 | 7.5 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | |||
| CVE-2017-3163 | high | 7.5 | 7.5 | 9y ago | Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core | |||
| CVE-2017-13767 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |||
| CVE-2017-13766 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. | |||
| CVE-2017-13765 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validat… | |||
| CVE-2017-13764 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. | |||
| CVE-2017-13763 | high | 7.5 | 7.5 | 9y ago | ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload | |||
| CVE-2017-0379 | high | 7.5 | 7.5 | 9y ago | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | |||
| CVE-2017-3154 | high | 7.5 | 7.5 | 9y ago | Apache Atlas produces Stack trace in error response | |||
| CVE-2017-12775 | high | 7.5 | 7.5 | 9y ago | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||
| CVE-2017-13752 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13751 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13750 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13749 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13748 | high | 7.5 | 7.5 | 9y ago | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | |||
| CVE-2017-13747 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13746 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13745 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmsta… | |||
| CVE-2017-13735 | high | 7.5 | 7.5 | 9y ago | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||
| CVE-2017-13728 | high | 7.5 | 7.5 | 9y ago | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-10843 | high | 7.5 | 7.5 | 9y ago | Arbitrary file delete in baserCMS | |||
| CVE-2017-0900 | high | 7.5 | 7.5 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | |||
| CVE-2017-6594 | high | 7.5 | 7.5 | 9y ago | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path o… | |||
| CVE-2017-13712 | high | 7.5 | 7.5 | 9y ago | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | |||
| CVE-2017-12954 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | |||
| CVE-2017-12953 | medium | 6.5 | 7.5 | 9y ago | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | |||
| CVE-2017-12952 | medium | 6.5 | 7.5 | 9y ago | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-12951 | medium | 6.5 | 7.5 | 9y ago | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft… | |||
| CVE-2017-12950 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-13710 | high | 7.5 | 7.5 | 9y ago | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-13709 | high | 7.5 | 7.5 | 9y ago | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | |||
| CVE-2017-12817 | high | 7.5 | 7.5 | 9y ago | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||
| CVE-2017-12694 | high | 7.5 | 7.5 | 9y ago | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | |||
| CVE-2017-13692 | high | 7.5 | 7.5 | 9y ago | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | |||
| CVE-2017-9511 | high | 7.5 | 7.5 | 9y ago | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucib… | |||
| CVE-2017-9512 | high | 7.5 | 7.5 | 9y ago | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committe… | |||
| CVE-2017-11424 | high | 7.5 | 7.5 | 9y ago | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed becau… | |||
| CVE-2017-12836 | high | 7.5 | 7.5 | 9y ago | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand… | |||
| CVE-2017-13143 | high | 7.5 | 7.5 | 9y ago | In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from proces… | |||
| CVE-2017-8037 | high | 7.5 | 7.5 | 9y ago | In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took ste… | |||
| CVE-2017-12784 | high | 7.5 | 7.5 | 9y ago | In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An exam… | |||
| CVE-2017-12974 | high | 7.5 | 7.5 | 9y ago | Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT | |||
| CVE-2017-12972 | high | 7.5 | 7.5 | 9y ago | Nimbus JOSE+JWT missing overflow check | |||
| CVE-2017-12964 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | |||
| CVE-2017-12963 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitabl… |