CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8610 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory … | |||
| CVE-2017-8609 | high | 7.5 | 7.5 | 9y ago | Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScr… | |||
| CVE-2017-8608 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacke… | |||
| CVE-2017-8607 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8606 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8605 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fa… | |||
| CVE-2017-8604 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to… | |||
| CVE-2017-8603 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to… | |||
| CVE-2017-8598 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fa… | |||
| CVE-2017-8596 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to rende… | |||
| CVE-2017-8595 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fa… | |||
| CVE-2017-8585 | high | 7.5 | 7.5 | 9y ago | Improper Input Validation in Microsoft.NETCore.App | |||
| CVE-2017-8584 | high | 7.5 | 7.5 | 9y ago | Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability." | |||
| CVE-2017-8495 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attac… | |||
| CVE-2017-7730 | high | 7.5 | 7.5 | 9y ago | iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |||
| CVE-2017-7729 | high | 7.5 | 7.5 | 9y ago | On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext. | |||
| CVE-2017-7726 | high | 7.5 | 7.5 | 9y ago | iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | |||
| CVE-2017-11164 | high | 7.5 | 7.5 | 9y ago | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. | |||
| CVE-2017-6731 | high | 7.5 | 7.5 | 9y ago | A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexp… | |||
| CVE-2017-6729 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software c… | |||
| CVE-2017-5652 | high | 7.5 | 7.5 | 9y ago | During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in… | |||
| CVE-2017-7670 | high | 7.5 | 7.5 | 9y ago | Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack | |||
| CVE-2017-11145 | high | 7.5 | 7.5 | 9y ago | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak informat… | |||
| CVE-2017-11144 | high | 7.5 | 7.5 | 9y ago | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of … | |||
| CVE-2017-11143 | high | 7.5 | 7.5 | 9y ago | In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an i… | |||
| CVE-2017-11142 | high | 7.5 | 7.5 | 9y ago | In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variable… | |||
| CVE-2017-11113 | high | 7.5 | 7.5 | 9y ago | In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to … | |||
| CVE-2017-11112 | high | 7.5 | 7.5 | 9y ago | In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is u… | |||
| CVE-2017-11108 | high | 7.5 | 7.5 | 9y ago | tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called… | |||
| CVE-2017-7660 | high | 7.5 | 7.5 | 9y ago | Apache Solr insecure inter-node communication | |||
| CVE-2017-11102 | high | 7.5 | 7.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data st… | |||
| CVE-2017-9631 | high | 7.5 | 7.5 | 9y ago | A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attack… | |||
| CVE-2017-1000381 | high | 7.5 | 7.5 | 9y ago | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was… | |||
| CVE-2017-9524 | high | 7.5 | 7.5 | 9y ago | The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server cr… | |||
| CVE-2017-8290 | high | 7.5 | 7.5 | 9y ago | A potential Buffer Overflow Vulnerability (from a BB Code handling issue) has been identified in TeamSpeak Server version 3.0.13.6 (08/11/2016 09:48:33), it enables the users to Crash any WINDOWS Cli… | |||
| CVE-2017-10976 | high | 7.5 | 7.5 | 9y ago | When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c. | |||
| CVE-2017-1264 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 1… | |||
| CVE-2017-2294 | high | 7.5 | 7.5 | 9y ago | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in Pu… | |||
| CVE-2017-10922 | high | 7.5 | 7.5 | 9y ago | The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | |||
| CVE-2017-10916 | high | 7.5 | 7.5 | 9y ago | The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS user… | |||
| CVE-2017-10810 | high | 7.5 | 7.5 | 9y ago | Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) b… | |||
| CVE-2017-10803 | medium | 6.5 | 7.5 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr… | |||
| CVE-2017-8893 | high | 7.5 | 7.5 | 9y ago | AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. | |||
| CVE-2017-8797 | high | 7.5 | 7.5 | 9y ago | The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker.… | |||
| CVE-2017-0377 | high | 7.5 | 7.5 | 9y ago | Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties b… | |||
| CVE-2017-10790 | high | 7.5 | 7.5 | 9y ago | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node st… | |||
| CVE-2017-6046 | high | 7.5 | 7.5 | 9y ago | An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive informati… | |||
| CVE-2017-6017 | high | 7.5 | 7.5 | 9y ago | A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMX… | |||
| CVE-2017-10687 | high | 7.5 | 7.5 | 9y ago | In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-10683 | high | 7.5 | 7.5 | 9y ago | In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-10679 | high | 7.5 | 7.5 | 9y ago | Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID… | |||
| CVE-2017-7686 | high | 7.5 | 7.5 | 9y ago | Apache Ignite communicates to an external PHP server where sensitive information is sent | |||
| CVE-2017-9993 | high | 7.5 | 7.5 | 9y ago | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attac… | |||
| CVE-2017-9987 | high | 7.5 | 7.5 | 9y ago | There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. | |||
| CVE-2017-9445 | high | 7.5 | 7.5 | 9y ago | arbitrary code execution in systemd | |||
| CVE-2017-9982 | high | 7.5 | 7.5 | 9y ago | TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. | |||
| CVE-2017-7524 | high | 7.5 | 7.5 | 9y ago | tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | |||
| CVE-2017-7508 | high | 7.5 | 7.5 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | |||
| CVE-2017-9953 | high | 7.5 | 7.5 | 9y ago | There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-7458 | high | 7.5 | 7.5 | 9y ago | The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty … | |||
| CVE-2017-9936 | medium | 6.5 | 7.5 | 9y ago | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | |||
| CVE-2017-7459 | high | 7.5 | 7.5 | 9y ago | ntopng before 3.0 allows HTTP Response Splitting. | |||
| CVE-2017-6678 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote att… | |||
| CVE-2017-9829 | high | 7.5 | 7.5 | 9y ago | '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a craf… | |||
| CVE-2017-0897 | high | 7.5 | 7.5 | 9y ago | ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. | |||
| CVE-2017-6045 | high | 7.5 | 7.5 | 9y ago | An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain… | |||
| CVE-2017-6043 | high | 7.5 | 7.5 | 9y ago | A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an at… | |||
| CVE-2017-2831 | high | 7.5 | 7.5 | 9y ago | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can… | |||
| CVE-2017-2830 | high | 7.5 | 7.5 | 9y ago | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can… | |||
| CVE-2017-9766 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet… | |||
| CVE-2017-3087 | high | 7.5 | 7.5 | 9y ago | Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. | |||
| CVE-2017-7668 | high | 7.5 | 7.5 | 9y ago | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously… | |||
| CVE-2017-3743 | high | 7.5 | 7.5 | 9y ago | If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSP… | |||
| CVE-2017-3214 | high | 7.5 | 7.5 | 9y ago | The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | |||
| CVE-2017-9763 | high | 7.5 | 7.5 | 9y ago | The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack us… | |||
| CVE-2017-1000373 | medium | 6.5 | 7.5 | 9y ago | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allo… | |||
| CVE-2017-9231 | high | 7.5 | 7.5 | 9y ago | XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2017-9735 | high | 7.5 | 7.5 | 9y ago | Jetty vulnerable to exposure of sensitive information due to observable discrepancy | |||
| CVE-2017-8452 | high | 7.5 | 7.5 | 9y ago | Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. | |||
| CVE-2017-8450 | high | 7.5 | 7.5 | 9y ago | X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this infor… | |||
| CVE-2017-7507 | high | 7.5 | 7.5 | 9y ago | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server appli… | |||
| CVE-2017-9731 | high | 7.5 | 7.5 | 9y ago | In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk p… | |||
| CVE-2017-9729 | high | 7.5 | 7.5 | 9y ago | In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. | |||
| CVE-2017-7629 | high | 7.5 | 7.5 | 9y ago | QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | |||
| CVE-2017-1379 | high | 7.5 | 7.5 | 9y ago | IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. | |||
| CVE-2017-8549 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge imprope… | |||
| CVE-2017-8547 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of … | |||
| CVE-2017-8524 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a… | |||
| CVE-2017-8522 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitr… | |||
| CVE-2017-8521 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scr… | |||
| CVE-2017-8520 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scr… | |||
| CVE-2017-8519 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context… | |||
| CVE-2017-8517 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an… | |||
| CVE-2017-8499 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scr… | |||
| CVE-2017-8497 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, ak… | |||
| CVE-2017-7910 | high | 7.5 | 7.5 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable… | |||
| CVE-2017-4981 | high | 7.5 | 7.5 | 9y ago | EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. | |||
| CVE-2017-9604 | high | 7.5 | 7.5 | 9y ago | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, w… | |||
| CVE-2017-6681 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker… | |||
| CVE-2017-6680 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Informat… |