CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3751 | high | 7.8 | 7.8 | 9y ago | An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privil… | |||
| CVE-2017-0750 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013. | |||
| CVE-2017-0749 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735. | |||
| CVE-2017-0747 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821. | |||
| CVE-2017-0746 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392. | |||
| CVE-2017-0745 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296. | |||
| CVE-2017-0742 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524. | |||
| CVE-2017-0741 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523. | |||
| CVE-2017-0740 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402. | |||
| CVE-2017-0737 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942. | |||
| CVE-2017-0732 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237. | |||
| CVE-2017-0731 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363. | |||
| CVE-2017-0729 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346. | |||
| CVE-2017-0728 | high | 7.8 | 7.8 | 9y ago | A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795. | |||
| CVE-2017-0727 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354. | |||
| CVE-2017-0723 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. | |||
| CVE-2017-0722 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827. | |||
| CVE-2017-0721 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455. | |||
| CVE-2017-0720 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213. | |||
| CVE-2017-0719 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673. | |||
| CVE-2017-0718 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547. | |||
| CVE-2017-0716 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196. | |||
| CVE-2017-0715 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. | |||
| CVE-2017-0714 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637. | |||
| CVE-2017-0713 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780. | |||
| CVE-2017-0712 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928. | |||
| CVE-2017-8624 | high | 7.8 | 7.8 | 9y ago | CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation… | |||
| CVE-2017-8622 | high | 7.8 | 7.8 | 9y ago | Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privileg… | |||
| CVE-2017-8591 | high | 7.8 | 7.8 | 9y ago | Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulne… | |||
| CVE-2017-0250 | high | 7.8 | 7.8 | 9y ago | Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server… | |||
| CVE-2017-9942 | high | 7.8 | 7.8 | 9y ago | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to p… | |||
| CVE-2017-6419 | high | 7.8 | 7.8 | 9y ago | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified oth… | |||
| CVE-2017-12596 | high | 7.8 | 7.8 | 9y ago | In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly uns… | |||
| CVE-2017-12480 | high | 7.8 | 7.8 | 9y ago | Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. | |||
| CVE-2017-12482 | high | 7.8 | 7.8 | 9y ago | The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unsp… | |||
| CVE-2017-12481 | high | 7.8 | 7.8 | 9y ago | The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impac… | |||
| CVE-2017-2221 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10820 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-12459 | high | 7.8 | 7.8 | 9y ago | The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause … | |||
| CVE-2017-12458 | high | 7.8 | 7.8 | 9y ago | The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause… | |||
| CVE-2017-12457 | high | 7.8 | 7.8 | 9y ago | The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NUL… | |||
| CVE-2017-12456 | high | 7.8 | 7.8 | 9y ago | The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. | |||
| CVE-2017-12455 | high | 7.8 | 7.8 | 9y ago | The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bo… | |||
| CVE-2017-12454 | high | 7.8 | 7.8 | 9y ago | The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbi… | |||
| CVE-2017-12453 | high | 7.8 | 7.8 | 9y ago | The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of boun… | |||
| CVE-2017-12452 | high | 7.8 | 7.8 | 9y ago | The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attac… | |||
| CVE-2017-12451 | high | 7.8 | 7.8 | 9y ago | The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remo… | |||
| CVE-2017-12450 | high | 7.8 | 7.8 | 9y ago | The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out o… | |||
| CVE-2017-12449 | high | 7.8 | 7.8 | 9y ago | The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an ou… | |||
| CVE-2017-12448 | high | 7.8 | 7.8 | 9y ago | The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use afte… | |||
| CVE-2017-9247 | high | 7.8 | 7.8 | 9y ago | Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. | |||
| CVE-2017-1468 | high | 7.8 | 7.8 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467. | |||
| CVE-2017-2288 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2287 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2286 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for R… | |||
| CVE-2017-2279 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-8663 | high | 7.8 | 7.8 | 9y ago | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Micro… | |||
| CVE-2017-8571 | high | 7.8 | 7.8 | 9y ago | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way tha… | |||
| CVE-2017-11116 | high | 7.8 | 7.8 | 9y ago | The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted j… | |||
| CVE-2017-11749 | high | 7.8 | 7.8 | 9y ago | InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | |||
| CVE-2017-11748 | high | 7.8 | 7.8 | 9y ago | VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file. | |||
| CVE-2017-11742 | high | 7.8 | 7.8 | 9y ago | The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working d… | |||
| CVE-2017-6256 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated … | |||
| CVE-2017-6255 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service… | |||
| CVE-2017-6254 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validati… | |||
| CVE-2017-6253 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denia… | |||
| CVE-2017-6252 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. | |||
| CVE-2017-6251 | high | 7.8 | 7.8 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which… | |||
| CVE-2017-11719 | high | 7.8 | 7.8 | 9y ago | The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other imp… | |||
| CVE-2017-11714 | high | 7.8 | 7.8 | 9y ago | psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecif… | |||
| CVE-2017-9835 | high | 7.8 | 7.8 | 9y ago | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have un… | |||
| CVE-2017-9740 | high | 7.8 | 7.8 | 9y ago | The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or… | |||
| CVE-2017-9739 | high | 7.8 | 7.8 | 9y ago | The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have… | |||
| CVE-2017-9727 | high | 7.8 | 7.8 | 9y ago | The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possi… | |||
| CVE-2017-9726 | high | 7.8 | 7.8 | 9y ago | The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have… | |||
| CVE-2017-9620 | high | 7.8 | 7.8 | 9y ago | The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or… | |||
| CVE-2017-9619 | high | 7.8 | 7.8 | 9y ago | The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via … | |||
| CVE-2017-9618 | high | 7.8 | 7.8 | 9y ago | The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have uns… | |||
| CVE-2017-9612 | high | 7.8 | 7.8 | 9y ago | The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified ot… | |||
| CVE-2017-9611 | high | 7.8 | 7.8 | 9y ago | The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have… | |||
| CVE-2017-9610 | high | 7.8 | 7.8 | 9y ago | The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possi… | |||
| CVE-2017-11628 | high | 7.8 | 7.8 | 9y ago | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentiall… | |||
| CVE-2017-11566 | high | 7.8 | 7.8 | 9y ago | AppUse 4.0 allows shell command injection via a proxy field. | |||
| CVE-2017-7980 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vec… | |||
| CVE-2017-8033 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exis… | |||
| CVE-2017-7541 | high | 7.8 | 7.8 | 9y ago | The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow a… | |||
| CVE-2017-8036 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a reg… | |||
| CVE-2017-11577 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11575 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parset… | |||
| CVE-2017-11574 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11573 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11572 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11571 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11570 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11569 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-11568 | high | 7.8 | 7.8 | 9y ago | FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. | |||
| CVE-2017-7069 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-7053 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privilege… | |||
| CVE-2017-7044 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-7035 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… |