CVEs from 2017
Total
11,796
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-14005 | high | 8.8 | 8.8 | 9y ago | An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the … | |
| CVE-2017-5531 | high | 8.8 | 8.8 | 9y ago | Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may b… | |
| CVE-2017-15296 | high | 8.8 | 8.8 | 9y ago | The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |
| CVE-2017-6224 | high | 8.8 | 8.8 | 9y ago | Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2… | |
| CVE-2017-6223 | high | 8.8 | 8.8 | 9y ago | Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow… | |
| CVE-2017-15276 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |
| CVE-2017-15013 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |
| CVE-2017-15012 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack… | |
| CVE-2017-11786 | high | 8.8 | 8.8 | 9y ago | Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authen… | |
| CVE-2017-11763 | high | 8.8 | 8.8 | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… | |
| CVE-2017-11762 | high | 8.8 | 8.8 | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… | |
| CVE-2017-9514 | high | 8.8 | 8.8 | 9y ago | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in… | |
| CVE-2017-15285 | high | 8.8 | 8.8 | 9y ago | X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This… | |
| CVE-2017-15281 | high | 8.8 | 8.8 | 9y ago | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "… | |
| CVE-2017-2888 | high | 8.8 | 8.8 | 9y ago | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocate… | |
| CVE-2017-2887 | high | 8.8 | 8.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in po… | |
| CVE-2017-15238 | high | 8.8 | 8.8 | 9y ago | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | |
| CVE-2017-15063 | high | 8.8 | 8.8 | 9y ago | Subrion CMS CSRF Vulnerability | |
| CVE-2017-13996 | high | 8.8 | 8.8 | 9y ago | A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not ha… | |
| CVE-2017-14353 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | |
| CVE-2017-15017 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | |
| CVE-2017-15016 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | |
| CVE-2017-15015 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | |
| CVE-2017-1000120 | high | 8.8 | 8.8 | 9y ago | [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | |
| CVE-2017-1000117 | high | 8.8 | 8.8 | 9y ago | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc… | |
| CVE-2017-1000107 | high | 8.8 | 8.8 | 9y ago | Sandbox bypass in Jenkins Script Security Plugin sandbox bypass | |
| CVE-2017-1000096 | high | 8.8 | 8.8 | 9y ago | Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline | |
| CVE-2017-1000093 | high | 8.8 | 8.8 | 9y ago | Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery | |
| CVE-2017-1000090 | high | 8.8 | 8.8 | 9y ago | CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration | |
| CVE-2017-6090 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |
| CVE-2017-14848 | high | 8.8 | 8.8 | 9y ago | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | |
| CVE-2017-14758 | high | 8.8 | 8.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.… | |
| CVE-2017-14757 | high | 8.8 | 8.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down… | |
| CVE-2017-1311 | high | 8.8 | 8.8 | 9y ago | IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inf… | |
| CVE-2017-13982 | high | 8.8 | 8.8 | 9y ago | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |
| CVE-2017-8448 | high | 8.8 | 8.8 | 9y ago | An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privil… | |
| CVE-2017-14867 | high | 8.8 | 8.8 | 9y ago | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers… | |
| CVE-2017-12230 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due… | |
| CVE-2017-12226 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco Ne… | |
| CVE-2017-14847 | high | 8.8 | 8.8 | 9y ago | Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |
| CVE-2017-14846 | high | 8.8 | 8.8 | 9y ago | Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |
| CVE-2017-14845 | high | 8.8 | 8.8 | 9y ago | Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |
| CVE-2017-14844 | high | 8.8 | 8.8 | 9y ago | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |
| CVE-2017-14843 | high | 8.8 | 8.8 | 9y ago | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |
| CVE-2017-14842 | high | 8.8 | 8.8 | 9y ago | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |
| CVE-2017-14840 | high | 8.8 | 8.8 | 9y ago | TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |
| CVE-2017-14839 | high | 8.8 | 8.8 | 9y ago | TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |
| CVE-2017-14838 | high | 8.8 | 8.8 | 9y ago | TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |
| CVE-2017-14796 | high | 8.8 | 8.8 | 9y ago | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via … | |
| CVE-2017-14795 | high | 8.8 | 8.8 | 9y ago | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via… | |
| CVE-2017-14527 | high | 8.8 | 8.8 | 9y ago | Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files… | |
| CVE-2017-14526 | high | 8.8 | 8.8 | 9y ago | Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrar… | |
| CVE-2017-1407 | high | 8.8 | 8.8 | 9y ago | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacke… | |
| CVE-2017-11191 | high | 8.8 | 8.8 | 9y ago | FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had… | |
| CVE-2017-14767 | high | 8.8 | 8.8 | 9y ago | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (h… | |
| CVE-2017-14764 | high | 8.8 | 8.8 | 9y ago | GeniXCMS arbitrary PHP code execution | |
| CVE-2017-14763 | high | 8.8 | 8.8 | 9y ago | GeniXCMS arbitrary PHP code execution | |
| CVE-2017-1539 | high | 8.8 | 8.8 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LD… | |
| CVE-2017-5200 | high | 8.8 | 8.8 | 9y ago | Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | |
| CVE-2017-5192 | high | 8.8 | 8.8 | 9y ago | When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all au… | |
| CVE-2017-14704 | high | 8.8 | 8.8 | 9y ago | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code … | |
| CVE-2017-14001 | high | 8.8 | 8.8 | 9y ago | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may al… | |
| CVE-2017-7969 | high | 8.8 | 8.8 | 9y ago | A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2… | |
| CVE-2017-14734 | high | 8.8 | 8.8 | 9y ago | The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact v… | |
| CVE-2017-14081 | high | 8.8 | 8.8 | 9y ago | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |
| CVE-2017-14079 | high | 8.8 | 8.8 | 9y ago | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |
| CVE-2017-11395 | high | 8.8 | 8.8 | 9y ago | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulner… | |
| CVE-2017-3770 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the u… | |
| CVE-2017-8007 | high | 8.8 | 8.8 | 9y ago | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Ga… | |
| CVE-2017-14682 | high | 8.8 | 8.8 | 9y ago | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impa… | |
| CVE-2017-14647 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote… | |
| CVE-2017-14644 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code ex… | |
| CVE-2017-14639 | high | 8.8 | 8.8 | 9y ago | AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to d… | |
| CVE-2017-12929 | high | 8.8 | 8.8 | 9y ago | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | |
| CVE-2017-14160 | high | 8.8 | 8.8 | 9y ago | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified ot… | |
| CVE-2017-14635 | high | 8.8 | 8.8 | 9y ago | In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code in… | |
| CVE-2017-12253 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery … | |
| CVE-2017-12214 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remo… | |
| CVE-2017-9333 | high | 8.8 | 8.8 | 9y ago | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with … | |
| CVE-2017-14509 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors … | |
| CVE-2017-14508 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails… | |
| CVE-2017-14500 | high | 8.8 | 8.8 | 9y ago | Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code exe… | |
| CVE-2017-4924 | high | 8.8 | 8.8 | 9y ago | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may a… | |
| CVE-2017-0782 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. | |
| CVE-2017-0781 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | |
| CVE-2017-14482 | high | 8.8 | 8.8 | 9y ago | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell… | |
| CVE-2017-1002026 | high | 8.8 | 8.8 | 9y ago | Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statemen… | |
| CVE-2017-2816 | high | 8.8 | 8.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on t… | |
| CVE-2017-11350 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | |
| CVE-2017-8682 | high | 8.8 | 8.8 | 9y ago | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20… | |
| CVE-2017-8660 | high | 8.8 | 8.8 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser… | |
| CVE-2017-14399 | high | 8.8 | 8.8 | 9y ago | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | |
| CVE-2017-14348 | high | 8.8 | 8.8 | 9y ago | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | |
| CVE-2017-14319 | high | 8.8 | 8.8 | 9y ago | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accou… | |
| CVE-2017-14316 | high | 8.8 | 8.8 | 9y ago | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memf… | |
| CVE-2017-14267 | high | 8.8 | 8.8 | 9y ago | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSetti… | |
| CVE-2017-14251 | high | 8.8 | 8.8 | 9y ago | TYPO3 Arbitrary Code Execution | |
| CVE-2017-14225 | high | 8.8 | 8.8 | 9y ago | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by … | |
| CVE-2017-14224 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |
| CVE-2017-0791 | high | 8.8 | 8.8 | 9y ago | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. |