CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0800 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. | |||
| CVE-2017-0799 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. | |||
| CVE-2017-0798 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. | |||
| CVE-2017-0797 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. | |||
| CVE-2017-0796 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. | |||
| CVE-2017-0795 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. | |||
| CVE-2017-0794 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | |||
| CVE-2017-0770 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234… | |||
| CVE-2017-0769 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. | |||
| CVE-2017-0768 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. | |||
| CVE-2017-0767 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. | |||
| CVE-2017-0766 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. | |||
| CVE-2017-0765 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. | |||
| CVE-2017-0764 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. | |||
| CVE-2017-0763 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. | |||
| CVE-2017-0762 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. | |||
| CVE-2017-0761 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. | |||
| CVE-2017-0760 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. | |||
| CVE-2017-0759 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. | |||
| CVE-2017-0758 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. | |||
| CVE-2017-0757 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. | |||
| CVE-2017-0756 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. | |||
| CVE-2017-0755 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. | |||
| CVE-2017-0753 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. | |||
| CVE-2017-0752 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. | |||
| CVE-2017-14181 | high | 7.8 | 7.8 | 9y ago | DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and applicat… | |||
| CVE-2017-9779 | high | 7.8 | 7.8 | 9y ago | OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." | |||
| CVE-2017-2870 | high | 7.8 | 7.8 | 9y ago | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resul… | |||
| CVE-2017-2862 | high | 7.8 | 7.8 | 9y ago | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in… | |||
| CVE-2017-2808 | high | 7.8 | 7.8 | 9y ago | An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbi… | |||
| CVE-2017-2807 | high | 7.8 | 7.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. … | |||
| CVE-2017-2779 | high | 7.8 | 7.8 | 9y ago | An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (… | |||
| CVE-2017-14105 | high | 7.8 | 7.8 | 9y ago | HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An au… | |||
| CVE-2017-10851 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10850 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing i… | |||
| CVE-2017-10849 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10848 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse… | |||
| CVE-2017-10829 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan hor… | |||
| CVE-2017-13674 | high | 7.8 | 7.8 | 9y ago | Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate th… | |||
| CVE-2017-14102 | high | 7.8 | 7.8 | 9y ago | MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account… | |||
| CVE-2017-11158 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking … | |||
| CVE-2017-11157 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking… | |||
| CVE-2017-12717 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker… | |||
| CVE-2017-12713 | high | 7.8 | 7.8 | 9y ago | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are … | |||
| CVE-2017-12711 | high | 7.8 | 7.8 | 9y ago | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to … | |||
| CVE-2017-13774 | high | 7.8 | 7.8 | 9y ago | Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. | |||
| CVE-2017-3757 | high | 7.8 | 7.8 | 9y ago | An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with… | |||
| CVE-2017-3746 | high | 7.8 | 7.8 | 9y ago | ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code … | |||
| CVE-2017-2242 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10836 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10831 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privil… | |||
| CVE-2017-10830 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10828 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecifie… | |||
| CVE-2017-10827 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10826 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10812 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-12840 | high | 7.8 | 7.8 | 9y ago | A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of t… | |||
| CVE-2017-12595 | high | 7.8 | 7.8 | 9y ago | The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have… | |||
| CVE-2017-13686 | high | 7.8 | 7.8 | 9y ago | net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointe… | |||
| CVE-2017-12136 | high | 7.8 | 7.8 | 9y ago | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the hos… | |||
| CVE-2017-0805 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. | |||
| CVE-2017-11159 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking a… | |||
| CVE-2017-13130 | high | 7.8 | 7.8 | 9y ago | mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substr… | |||
| CVE-2017-6329 | high | 7.8 | 7.8 | 9y ago | Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker… | |||
| CVE-2017-10663 | high | 7.8 | 7.8 | 9y ago | The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2017-10662 | high | 7.8 | 7.8 | 9y ago | The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2017-11323 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substr… | |||
| CVE-2017-9678 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). | |||
| CVE-2017-3756 | high | 7.8 | 7.8 | 9y ago | A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with … | |||
| CVE-2017-11160 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a T… | |||
| CVE-2017-8272 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap wri… | |||
| CVE-2017-8268 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver p… | |||
| CVE-2017-8263 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. | |||
| CVE-2017-8261 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. | |||
| CVE-2017-8260 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | |||
| CVE-2017-8257 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the d… | |||
| CVE-2017-8256 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | |||
| CVE-2017-8255 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | |||
| CVE-2017-8253 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | |||
| CVE-2017-11653 | high | 7.8 | 7.8 | 9y ago | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNati… | |||
| CVE-2017-10665 | high | 7.8 | 7.8 | 9y ago | Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in … | |||
| CVE-2017-2289 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2228 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10824 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecifi… | |||
| CVE-2017-10823 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to … | |||
| CVE-2017-10822 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows… | |||
| CVE-2017-10821 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an … | |||
| CVE-2017-6768 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, lo… | |||
| CVE-2017-12892 | high | 7.8 | 7.8 | 9y ago | Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the curren… | |||
| CVE-2017-8243 | high | 7.8 | 7.8 | 9y ago | A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. | |||
| CVE-2017-1469 | high | 7.8 | 7.8 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | |||
| CVE-2017-11156 | high | 7.8 | 7.8 | 9y ago | Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code… | |||
| CVE-2017-11150 | high | 7.8 | 7.8 | 9y ago | Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted fi… | |||
| CVE-2017-9648 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow… | |||
| CVE-2017-9646 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identifie… | |||
| CVE-2017-8273 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffe… | |||
| CVE-2017-8271 | high | 7.8 | 7.8 | 9y ago | Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. | |||
| CVE-2017-8264 | high | 7.8 | 7.8 | 9y ago | A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. | |||
| CVE-2017-8259 | high | 7.8 | 7.8 | 9y ago | In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not us… | |||
| CVE-2017-12799 | high | 7.8 | 7.8 | 9y ago | The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via… |