CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9350 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative le… | |||
| CVE-2017-9349 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | |||
| CVE-2017-9348 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | |||
| CVE-2017-9346 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | |||
| CVE-2017-9345 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | |||
| CVE-2017-9344 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | |||
| CVE-2017-9343 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | |||
| CVE-2017-9334 | high | 7.5 | 7.5 | 9y ago | An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of servic… | |||
| CVE-2017-9304 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | |||
| CVE-2017-7502 | high | 7.5 | 7.5 | 9y ago | Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | |||
| CVE-2017-2304 | high | 7.5 | 7.5 | 9y ago | Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet p… | |||
| CVE-2017-2303 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D4… | |||
| CVE-2017-2302 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 1… | |||
| CVE-2017-2301 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to … | |||
| CVE-2017-2300 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primar… | |||
| CVE-2017-9250 | high | 7.5 | 7.5 | 9y ago | The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of ser… | |||
| CVE-2017-7295 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structur… | |||
| CVE-2017-7731 | high | 7.5 | 7.5 | 9y ago | A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||
| CVE-2017-7338 | high | 7.5 | 7.5 | 9y ago | A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||
| CVE-2017-7439 | high | 7.5 | 7.5 | 9y ago | NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | |||
| CVE-2017-7236 | high | 7.5 | 7.5 | 9y ago | SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-9230 | high | 7.5 | 7.5 | 9y ago | The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multip… | |||
| CVE-2017-9229 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression com… | |||
| CVE-2017-9217 | high | 7.5 | 7.5 | 9y ago | denial of service in systemd | |||
| CVE-2017-9212 | high | 7.5 | 7.5 | 9y ago | The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name. | |||
| CVE-2017-9190 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5. | |||
| CVE-2017-9189 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-9182 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-9181 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. | |||
| CVE-2017-9180 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14. | |||
| CVE-2017-9179 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14. | |||
| CVE-2017-9178 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. | |||
| CVE-2017-9177 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. | |||
| CVE-2017-9176 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. | |||
| CVE-2017-9175 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. | |||
| CVE-2017-9174 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. | |||
| CVE-2017-9159 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. | |||
| CVE-2017-9158 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. | |||
| CVE-2017-9157 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. | |||
| CVE-2017-9156 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. | |||
| CVE-2017-9155 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. | |||
| CVE-2017-9154 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-8915 | high | 7.5 | 7.5 | 9y ago | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar s… | |||
| CVE-2017-8309 | high | 7.5 | 7.5 | 9y ago | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | |||
| CVE-2017-9149 | high | 7.5 | 7.5 | 9y ago | Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to ob… | |||
| CVE-2017-2498 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrus… | |||
| CVE-2017-6653 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) con… | |||
| CVE-2017-6641 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of … | |||
| CVE-2017-6633 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected… | |||
| CVE-2017-6632 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a … | |||
| CVE-2017-9136 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the dev… | |||
| CVE-2017-9134 | high | 7.5 | 7.5 | 9y ago | An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial n… | |||
| CVE-2017-9132 | high | 7.5 | 7.5 | 9y ago | A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightwei… | |||
| CVE-2017-9131 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can … | |||
| CVE-2017-9098 | high | 7.5 | 7.5 | 9y ago | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated … | |||
| CVE-2017-9091 | high | 7.5 | 7.5 | 9y ago | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | |||
| CVE-2017-9090 | high | 7.5 | 7.5 | 9y ago | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | |||
| CVE-2017-7935 | high | 7.5 | 7.5 | 9y ago | A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN req… | |||
| CVE-2017-6652 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due … | |||
| CVE-2017-6621 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to con… | |||
| CVE-2017-9065 | high | 7.5 | 7.5 | 9y ago | In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | |||
| CVE-2017-9049 | high | 7.5 | 7.5 | 9y ago | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, t… | |||
| CVE-2017-9048 | high | 7.5 | 7.5 | 9y ago | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition in… | |||
| CVE-2017-9047 | high | 7.5 | 7.5 | 9y ago | A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char b… | |||
| CVE-2017-8338 | high | 7.5 | 7.5 | 9y ago | A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing th… | |||
| CVE-2017-9030 | high | 7.5 | 7.5 | 9y ago | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary… | |||
| CVE-2017-5214 | high | 7.5 | 7.5 | 9y ago | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploade… | |||
| CVE-2017-6658 | high | 7.5 | 7.5 | 9y ago | Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of… | |||
| CVE-2017-6657 | high | 7.5 | 7.5 | 9y ago | Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. Th… | |||
| CVE-2017-6651 | high | 7.5 | 7.5 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due … | |||
| CVE-2017-3876 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected devi… | |||
| CVE-2017-3873 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an un… | |||
| CVE-2017-3825 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to … | |||
| CVE-2017-8929 | high | 7.5 | 7.5 | 9y ago | The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | |||
| CVE-2017-5654 | high | 7.5 | 7.5 | 9y ago | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | |||
| CVE-2017-8921 | high | 7.5 | 7.5 | 9y ago | In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). … | |||
| CVE-2017-7486 | high | 7.5 | 7.5 | 9y ago | PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | |||
| CVE-2017-7484 | high | 7.5 | 7.5 | 9y ago | It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges… | |||
| CVE-2017-2163 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | |||
| CVE-2017-0266 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulner… | |||
| CVE-2017-0248 | high | 7.5 | 7.5 | 9y ago | Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core | |||
| CVE-2017-0247 | high | 7.5 | 7.5 | 9y ago | ASP.NET Core fails to properly validate web requests | |||
| CVE-2017-0240 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerabil… | |||
| CVE-2017-0238 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE I… | |||
| CVE-2017-0236 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0235 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0234 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0230 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE I… | |||
| CVE-2017-0229 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE I… | |||
| CVE-2017-0228 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This C… | |||
| CVE-2017-0227 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerabil… | |||
| CVE-2017-0226 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017… | |||
| CVE-2017-0224 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0221 | high | 7.5 | 7.5 | 9y ago | A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | |||
| CVE-2017-8868 | high | 7.5 | 7.5 | 9y ago | acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | |||
| CVE-2017-5892 | high | 7.5 | 7.5 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | |||
| CVE-2017-8855 | high | 7.5 | 7.5 | 9y ago | wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | |||
| CVE-2017-8853 | high | 7.5 | 7.5 | 9y ago | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | |||
| CVE-2017-3067 | high | 7.5 | 7.5 | 9y ago | Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | |||
| CVE-2017-8825 | high | 7.5 | 7.5 | 9y ago | A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed… |