CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11732 | medium | 5.5 | 5.5 | 9y ago | A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service vi… | |||
| CVE-2017-11731 | medium | 5.5 | 5.5 | 9y ago | An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service … | |||
| CVE-2017-11730 | medium | 5.5 | 5.5 | 9y ago | A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a … | |||
| CVE-2017-11729 | medium | 5.5 | 5.5 | 9y ago | A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a … | |||
| CVE-2017-11728 | medium | 5.5 | 5.5 | 9y ago | A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted fi… | |||
| CVE-2017-9545 | medium | 5.5 | 5.5 | 9y ago | The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. | |||
| CVE-2017-11674 | medium | 5.5 | 5.5 | 9y ago | Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess." | |||
| CVE-2017-11627 | medium | 5.5 | 5.5 | 9y ago | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh… | |||
| CVE-2017-11626 | medium | 5.5 | 5.5 | 9y ago | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in … | |||
| CVE-2017-11625 | medium | 5.5 | 5.5 | 9y ago | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in Q… | |||
| CVE-2017-11624 | medium | 5.5 | 5.5 | 9y ago | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in … | |||
| CVE-2017-11434 | medium | 5.5 | 5.5 | 9y ago | The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options … | |||
| CVE-2017-11576 | medium | 5.5 | 5.5 | 9y ago | FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file. | |||
| CVE-2017-7542 | medium | 5.5 | 5.5 | 9y ago | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ab… | |||
| CVE-2017-7067 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-7045 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restr… | |||
| CVE-2017-7036 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restr… | |||
| CVE-2017-7029 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-7028 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-11423 | medium | 5.5 | 5.5 | 9y ago | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read a… | |||
| CVE-2017-11328 | medium | 5.5 | 5.5 | 9y ago | Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. | |||
| CVE-2017-8557 | medium | 5.5 | 5.5 | 9y ago | Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows S… | |||
| CVE-2017-11171 | medium | 5.5 | 5.5 | 9y ago | Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to… | |||
| CVE-2017-6726 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential i… | |||
| CVE-2017-11140 | medium | 5.5 | 5.5 | 9y ago | The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource… | |||
| CVE-2017-11126 | medium | 5.5 | 5.5 | 9y ago | The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is… | |||
| CVE-2017-10995 | medium | 5.5 | 5.5 | 9y ago | The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. | |||
| CVE-2017-0326 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This i… | |||
| CVE-2017-0708 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879. | |||
| CVE-2017-0699 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809. | |||
| CVE-2017-0698 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458. | |||
| CVE-2017-0697 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013. | |||
| CVE-2017-0696 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120. | |||
| CVE-2017-0695 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889. | |||
| CVE-2017-0694 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318. | |||
| CVE-2017-0693 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291. | |||
| CVE-2017-0692 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407. | |||
| CVE-2017-0691 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. | |||
| CVE-2017-0690 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202. | |||
| CVE-2017-0689 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950. | |||
| CVE-2017-0688 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425. | |||
| CVE-2017-0686 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231. | |||
| CVE-2017-0685 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195. | |||
| CVE-2017-0672 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578. | |||
| CVE-2017-0670 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177. | |||
| CVE-2017-0669 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752. | |||
| CVE-2017-0668 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. | |||
| CVE-2017-8387 | medium | 5.5 | 5.5 | 9y ago | STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issue… | |||
| CVE-2017-1207 | medium | 5.5 | 5.5 | 9y ago | IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. | |||
| CVE-2017-6705 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known… | |||
| CVE-2017-10800 | medium | 5.5 | 5.5 | 9y ago | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount… | |||
| CVE-2017-10799 | medium | 5.5 | 5.5 | 9y ago | When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | |||
| CVE-2017-10794 | medium | 5.5 | 5.5 | 9y ago | When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. | |||
| CVE-2017-10674 | medium | 5.5 | 5.5 | 9y ago | Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. | |||
| CVE-2017-3747 | medium | 5.5 | 5.5 | 9y ago | Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileg… | |||
| CVE-2017-8575 | medium | 5.5 | 5.5 | 9y ago | The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics … | |||
| CVE-2017-9257 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9256 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9255 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9254 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9253 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9223 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash… | |||
| CVE-2017-9222 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a … | |||
| CVE-2017-9221 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash… | |||
| CVE-2017-9220 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp… | |||
| CVE-2017-9219 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application c… | |||
| CVE-2017-9218 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash… | |||
| CVE-2017-9955 | medium | 5.5 | 5.5 | 9y ago | The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-9954 | medium | 5.5 | 5.5 | 9y ago | The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buff… | |||
| CVE-2017-9929 | medium | 5.5 | 5.5 | 9y ago | In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9928 | medium | 5.5 | 5.5 | 9y ago | In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9870 | medium | 5.5 | 5.5 | 9y ago | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application c… | |||
| CVE-2017-9868 | medium | 5.5 | 5.5 | 9y ago | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | |||
| CVE-2017-9865 | medium | 5.5 | 5.5 | 9y ago | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF doc… | |||
| CVE-2017-9847 | medium | 5.5 | 5.5 | 9y ago | The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-1349 | medium | 5.5 | 5.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525. | |||
| CVE-2017-1302 | medium | 5.5 | 5.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user to view sensitive information due to improper access controls. IBM X-Force ID: 125456. | |||
| CVE-2017-9782 | medium | 5.5 | 5.5 | 9y ago | JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec… | |||
| CVE-2017-9778 | medium | 5.5 | 5.5 | 9y ago | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a … | |||
| CVE-2017-9762 | medium | 5.5 | 5.5 | 9y ago | The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. | |||
| CVE-2017-9761 | medium | 5.5 | 5.5 | 9y ago | The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||
| CVE-2017-1000380 | medium | 5.5 | 5.5 | 9y ago | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i… | |||
| CVE-2017-9503 | medium | 5.5 | 5.5 | 9y ago | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and Q… | |||
| CVE-2017-9375 | medium | 5.5 | 5.5 | 9y ago | QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving co… | |||
| CVE-2017-9374 | medium | 5.5 | 5.5 | 9y ago | Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplug… | |||
| CVE-2017-9373 | medium | 5.5 | 5.5 | 9y ago | Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplug… | |||
| CVE-2017-8544 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attack… | |||
| CVE-2017-8515 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system,… | |||
| CVE-2017-8508 | medium | 5.5 | 5.5 | 9y ago | A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | |||
| CVE-2017-8493 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or requir… | |||
| CVE-2017-0295 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". | |||
| CVE-2017-9617 | medium | 5.5 | 5.5 | 9y ago | In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. | |||
| CVE-2017-9616 | medium | 5.5 | 5.5 | 9y ago | In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | |||
| CVE-2017-0647 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could b… | |||
| CVE-2017-0646 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to detai… | |||
| CVE-2017-0645 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local … | |||
| CVE-2017-0644 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the poss… | |||
| CVE-2017-0643 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the poss… | |||
| CVE-2017-0642 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due … | |||
| CVE-2017-0641 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… |