CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16378 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16377 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16376 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16375 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16374 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16373 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16372 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16371 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16370 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16368 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16367 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16365 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16364 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16363 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16362 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-16360 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-17459 | high | 8.8 | 8.8 | 9y ago | http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hos… | |||
| CVE-2017-1356 | high | 8.8 | 8.8 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or del… | |||
| CVE-2017-17384 | high | 8.8 | 8.8 | 9y ago | ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | |||
| CVE-2017-17436 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials adv… | |||
| CVE-2017-17435 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phon… | |||
| CVE-2017-13156 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | |||
| CVE-2017-13151 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456. | |||
| CVE-2017-0878 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291. | |||
| CVE-2017-0877 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937. | |||
| CVE-2017-0876 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675. | |||
| CVE-2017-0872 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. | |||
| CVE-2017-14355 | high | 7.8 | 8.8 | 9y ago | A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | |||
| CVE-2017-8824 | high | 7.8 | 8.8 | 9y ago | The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system… | |||
| CVE-2017-17056 | high | 8.8 | 8.8 | 9y ago | The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the… | |||
| CVE-2017-17130 | high | 8.8 | 8.8 | 9y ago | The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have … | |||
| CVE-2017-17129 | high | 8.8 | 8.8 | 9y ago | The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified ot… | |||
| CVE-2017-17103 | high | 8.8 | 8.8 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | |||
| CVE-2017-17091 | high | 8.8 | 8.8 | 9y ago | wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restriction… | |||
| CVE-2017-16895 | high | 7.8 | 8.8 | 9y ago | The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges … | |||
| CVE-2017-12631 | high | 8.8 | 8.8 | 9y ago | Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 | |||
| CVE-2017-12343 | high | 8.8 | 8.8 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-14198 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously cra… | |||
| CVE-2017-17045 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by lever… | |||
| CVE-2017-0910 | high | 8.8 | 8.8 | 9y ago | In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | |||
| CVE-2017-1000207 | high | 8.8 | 8.8 | 9y ago | Deserialization of Untrusted Data in swagger-codegen | |||
| CVE-2017-1001004 | high | 8.8 | 8.8 | 9y ago | Arbitrary JavaScript Execution in typed-function | |||
| CVE-2017-8038 | high | 8.8 | 8.8 | 9y ago | In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, th… | |||
| CVE-2017-16960 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/… | |||
| CVE-2017-16958 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luc… | |||
| CVE-2017-16957 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/lu… | |||
| CVE-2017-16955 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?p… | |||
| CVE-2017-14176 | high | 8.8 | 8.8 | 9y ago | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-… | |||
| CVE-2017-16941 | high | 8.8 | 8.8 | 9y ago | October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/the… | |||
| CVE-2017-16939 | high | 7.8 | 8.8 | 9y ago | The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCV… | |||
| CVE-2017-8195 | high | 8.8 | 8.8 | 9y ago | The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerabi… | |||
| CVE-2017-8194 | high | 8.8 | 8.8 | 9y ago | The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerabi… | |||
| CVE-2017-8138 | high | 8.8 | 8.8 | 9y ago | HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper wi… | |||
| CVE-2017-8135 | high | 8.8 | 8.8 | 9y ago | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated att… | |||
| CVE-2017-8134 | high | 8.8 | 8.8 | 9y ago | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated att… | |||
| CVE-2017-8133 | high | 8.8 | 8.8 | 9y ago | Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to… | |||
| CVE-2017-8132 | high | 8.8 | 8.8 | 9y ago | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated att… | |||
| CVE-2017-8131 | high | 8.8 | 8.8 | 9y ago | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated att… | |||
| CVE-2017-2737 | high | 8.8 | 8.8 | 9y ago | VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upl… | |||
| CVE-2017-2722 | high | 8.8 | 8.8 | 9y ago | DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100… | |||
| CVE-2017-2719 | high | 8.8 | 8.8 | 9y ago | FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnera… | |||
| CVE-2017-2718 | high | 8.8 | 8.8 | 9y ago | FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnera… | |||
| CVE-2017-16923 | high | 8.8 | 8.8 | 9y ago | Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_A… | |||
| CVE-2017-16664 | high | 8.8 | 8.8 | 9y ago | Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attack… | |||
| CVE-2017-15044 | high | 8.8 | 8.8 | 9y ago | The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access con… | |||
| CVE-2017-16544 | high | 8.8 | 8.8 | 9y ago | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and res… | |||
| CVE-2017-1000217 | high | 8.8 | 8.8 | 9y ago | Opencast RCE Vulnerability | |||
| CVE-2017-1000203 | high | 8.8 | 8.8 | 9y ago | ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution | |||
| CVE-2017-4934 | high | 8.8 | 8.8 | 9y ago | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. | |||
| CVE-2017-1000238 | high | 8.8 | 8.8 | 9y ago | InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script… | |||
| CVE-2017-1000208 | high | 8.8 | 8.8 | 9y ago | Deserialization of Untrusted Data in swagger-parser | |||
| CVE-2017-15516 | high | 8.8 | 8.8 | 9y ago | NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user inte… | |||
| CVE-2017-16777 | high | 7.8 | 8.8 | 9y ago | If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo h… | |||
| CVE-2017-15864 | high | 8.8 | 8.8 | 9y ago | In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | |||
| CVE-2017-14034 | high | 8.8 | 8.8 | 9y ago | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial… | |||
| CVE-2017-13136 | high | 8.8 | 8.8 | 9y ago | The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. | |||
| CVE-2017-14961 | high | 7.8 | 8.8 | 9y ago | In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. | |||
| CVE-2017-11879 | high | 8.8 | 8.8 | 9y ago | Open redirect in ASP.NET Core | |||
| CVE-2017-11876 | high | 8.8 | 8.8 | 9y ago | Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to… | |||
| CVE-2017-11854 | high | 8.8 | 8.8 | 9y ago | Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary… | |||
| CVE-2017-1453 | high | 8.8 | 8.8 | 9y ago | IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit … | |||
| CVE-2017-9314 | high | 8.8 | 8.8 | 9y ago | Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to … | |||
| CVE-2017-11169 | high | 8.8 | 8.8 | 9y ago | Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified priv… | |||
| CVE-2017-13803 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13793 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13788 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-16671 | high | 8.8 | 8.8 | 9y ago | A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when… | |||
| CVE-2017-16669 | high | 8.8 | 8.8 | 9y ago | coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted f… | |||
| CVE-2017-9096 | high | 8.8 | 8.8 | 9y ago | Improper Restriction of XML External Entity Reference in iText | |||
| CVE-2017-2917 | high | 8.8 | 8.8 | 9y ago | An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker c… | |||
| CVE-2017-2916 | high | 8.8 | 8.8 | 9y ago | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwrit… | |||
| CVE-2017-2890 | high | 8.8 | 8.8 | 9y ago | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An atta… | |||
| CVE-2017-2881 | high | 8.8 | 8.8 | 9y ago | An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-suppli… | |||
| CVE-2017-2866 | high | 8.8 | 8.8 | 9y ago | An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP re… | |||
| CVE-2017-16001 | high | 7.8 | 8.8 | 9y ago | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||
| CVE-2017-15672 | high | 8.8 | 8.8 | 9y ago | The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bound… | |||
| CVE-2017-16565 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arb… | |||
| CVE-2017-16547 | high | 8.8 | 8.8 | 9y ago | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of s… | |||
| CVE-2017-16546 | high | 8.8 | 8.8 | 9y ago | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uni… | |||
| CVE-2017-16545 | high | 8.8 | 8.8 | 9y ago | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType in… |