CVEs from 2017
Total
11,713
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15733 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | |||
| CVE-2017-15732 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | |||
| CVE-2017-15731 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | |||
| CVE-2017-15730 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | |||
| CVE-2017-15729 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | |||
| CVE-2017-2133 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vecto… | |||
| CVE-2017-15645 | high | 8.8 | 8.8 | 9y ago | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | |||
| CVE-2017-10955 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The sp… | |||
| CVE-2017-10424 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.… | |||
| CVE-2017-10321 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged a… | |||
| CVE-2017-12271 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cr… | |||
| CVE-2017-15595 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via… | |||
| CVE-2017-15594 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotpl… | |||
| CVE-2017-15592 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishan… | |||
| CVE-2017-15590 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. | |||
| CVE-2017-15578 | high | 8.8 | 8.8 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||
| CVE-2017-15565 | high | 8.8 | 8.8 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | |||
| CVE-2017-14011 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site requ… | |||
| CVE-2017-14005 | high | 8.8 | 8.8 | 9y ago | An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the … | |||
| CVE-2017-5531 | high | 8.8 | 8.8 | 9y ago | Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may b… | |||
| CVE-2017-15296 | high | 8.8 | 8.8 | 9y ago | The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |||
| CVE-2017-6224 | high | 8.8 | 8.8 | 9y ago | Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2… | |||
| CVE-2017-6223 | high | 8.8 | 8.8 | 9y ago | Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow… | |||
| CVE-2017-15276 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15013 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15012 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack… | |||
| CVE-2017-11786 | high | 8.8 | 8.8 | 9y ago | Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authen… | |||
| CVE-2017-11763 | high | 8.8 | 8.8 | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… | |||
| CVE-2017-11762 | high | 8.8 | 8.8 | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… | |||
| CVE-2017-9514 | high | 8.8 | 8.8 | 9y ago | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in… | |||
| CVE-2017-15285 | high | 8.8 | 8.8 | 9y ago | X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This… | |||
| CVE-2017-15281 | high | 8.8 | 8.8 | 9y ago | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "… | |||
| CVE-2017-2888 | high | 8.8 | 8.8 | 9y ago | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocate… | |||
| CVE-2017-2887 | high | 8.8 | 8.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in po… | |||
| CVE-2017-15238 | high | 8.8 | 8.8 | 9y ago | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | |||
| CVE-2017-15063 | high | 8.8 | 8.8 | 9y ago | Subrion CMS CSRF Vulnerability | |||
| CVE-2017-13996 | high | 8.8 | 8.8 | 9y ago | A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not ha… | |||
| CVE-2017-14353 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | |||
| CVE-2017-15017 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | |||
| CVE-2017-15016 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | |||
| CVE-2017-15015 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | |||
| CVE-2017-1000120 | high | 8.8 | 8.8 | 9y ago | [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | |||
| CVE-2017-1000107 | high | 8.8 | 8.8 | 9y ago | Sandbox bypass in Jenkins Script Security Plugin sandbox bypass | |||
| CVE-2017-1000096 | high | 8.8 | 8.8 | 9y ago | Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline | |||
| CVE-2017-1000093 | high | 8.8 | 8.8 | 9y ago | Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2017-1000090 | high | 8.8 | 8.8 | 9y ago | CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration | |||
| CVE-2017-14848 | high | 8.8 | 8.8 | 9y ago | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | |||
| CVE-2017-14758 | high | 8.8 | 8.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.… | |||
| CVE-2017-14757 | high | 8.8 | 8.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down… | |||
| CVE-2017-1311 | high | 8.8 | 8.8 | 9y ago | IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inf… | |||
| CVE-2017-13982 | high | 8.8 | 8.8 | 9y ago | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||
| CVE-2017-8448 | high | 8.8 | 8.8 | 9y ago | An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privil… | |||
| CVE-2017-14867 | high | 8.8 | 8.8 | 9y ago | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers… | |||
| CVE-2017-12230 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due… | |||
| CVE-2017-12226 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco Ne… | |||
| CVE-2017-14847 | high | 8.8 | 8.8 | 9y ago | Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14846 | high | 8.8 | 8.8 | 9y ago | Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14845 | high | 8.8 | 8.8 | 9y ago | Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14844 | high | 8.8 | 8.8 | 9y ago | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||
| CVE-2017-14843 | high | 8.8 | 8.8 | 9y ago | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14842 | high | 8.8 | 8.8 | 9y ago | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14840 | high | 8.8 | 8.8 | 9y ago | TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||
| CVE-2017-14839 | high | 8.8 | 8.8 | 9y ago | TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |||
| CVE-2017-14838 | high | 8.8 | 8.8 | 9y ago | TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||
| CVE-2017-14796 | high | 8.8 | 8.8 | 9y ago | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via … | |||
| CVE-2017-14795 | high | 8.8 | 8.8 | 9y ago | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via… | |||
| CVE-2017-14527 | high | 8.8 | 8.8 | 9y ago | Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files… | |||
| CVE-2017-14526 | high | 8.8 | 8.8 | 9y ago | Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrar… | |||
| CVE-2017-1407 | high | 8.8 | 8.8 | 9y ago | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacke… | |||
| CVE-2017-11191 | high | 8.8 | 8.8 | 9y ago | FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had… | |||
| CVE-2017-14767 | high | 8.8 | 8.8 | 9y ago | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (h… | |||
| CVE-2017-14764 | high | 8.8 | 8.8 | 9y ago | GeniXCMS arbitrary PHP code execution | |||
| CVE-2017-14763 | high | 8.8 | 8.8 | 9y ago | GeniXCMS arbitrary PHP code execution | |||
| CVE-2017-1539 | high | 8.8 | 8.8 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LD… | |||
| CVE-2017-5200 | high | 8.8 | 8.8 | 9y ago | Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | |||
| CVE-2017-5192 | high | 8.8 | 8.8 | 9y ago | When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all au… | |||
| CVE-2017-14704 | high | 8.8 | 8.8 | 9y ago | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code … | |||
| CVE-2017-14001 | high | 8.8 | 8.8 | 9y ago | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may al… | |||
| CVE-2017-7969 | high | 8.8 | 8.8 | 9y ago | A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2… | |||
| CVE-2017-14734 | high | 8.8 | 8.8 | 9y ago | The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact v… | |||
| CVE-2017-14627 | high | 7.8 | 8.8 | 9y ago | Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) a… | |||
| CVE-2017-14081 | high | 8.8 | 8.8 | 9y ago | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||
| CVE-2017-14079 | high | 8.8 | 8.8 | 9y ago | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||
| CVE-2017-11395 | high | 8.8 | 8.8 | 9y ago | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulner… | |||
| CVE-2017-3770 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the u… | |||
| CVE-2017-8007 | high | 8.8 | 8.8 | 9y ago | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Ga… | |||
| CVE-2017-14682 | high | 8.8 | 8.8 | 9y ago | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impa… | |||
| CVE-2017-14647 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote… | |||
| CVE-2017-14644 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code ex… | |||
| CVE-2017-14639 | high | 8.8 | 8.8 | 9y ago | AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to d… | |||
| CVE-2017-12929 | high | 8.8 | 8.8 | 9y ago | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | |||
| CVE-2017-14160 | high | 8.8 | 8.8 | 9y ago | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified ot… | |||
| CVE-2017-14635 | high | 8.8 | 8.8 | 9y ago | In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code in… | |||
| CVE-2017-12253 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery … | |||
| CVE-2017-12214 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remo… | |||
| CVE-2017-9333 | high | 8.8 | 8.8 | 9y ago | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with … | |||
| CVE-2017-14509 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors … | |||
| CVE-2017-14508 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails… | |||
| CVE-2017-14500 | high | 8.8 | 8.8 | 9y ago | Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code exe… | |||
| CVE-2017-4924 | high | 8.8 | 8.8 | 9y ago | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may a… |