CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8804 | high | 7.5 | 7.5 | 9y ago | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual… | |||
| CVE-2017-3733 | high | 7.5 | 7.5 | 9y ago | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (d… | |||
| CVE-2017-3731 | high | 7.5 | 7.5 | 9y ago | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resu… | |||
| CVE-2017-8776 | high | 7.5 | 7.5 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR… | |||
| CVE-2017-5240 | high | 7.5 | 7.5 | 9y ago | Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of servi… | |||
| CVE-2017-7483 | high | 7.5 | 7.5 | 9y ago | Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to … | |||
| CVE-2017-8398 | high | 7.5 | 7.5 | 9y ago | dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binar… | |||
| CVE-2017-8397 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt bi… | |||
| CVE-2017-8396 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small… | |||
| CVE-2017-8395 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memo… | |||
| CVE-2017-8394 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section.… | |||
| CVE-2017-8393 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcop… | |||
| CVE-2017-8392 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL… | |||
| CVE-2017-6128 | high | 7.5 | 7.5 | 9y ago | An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. | |||
| CVE-2017-2153 | high | 7.5 | 7.5 | 9y ago | SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UD… | |||
| CVE-2017-8308 | high | 7.5 | 7.5 | 9y ago | In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense fe… | |||
| CVE-2017-8296 | high | 7.5 | 7.5 | 9y ago | kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of … | |||
| CVE-2017-8294 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_ex… | |||
| CVE-2017-5186 | high | 7.5 | 7.5 | 9y ago | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the de… | |||
| CVE-2017-7415 | high | 7.5 | 7.5 | 9y ago | Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | |||
| CVE-2017-3621 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily "explo… | |||
| CVE-2017-3572 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). Supported versions that are affected are 6.2.2, 6.3.0, 6.4.1… | |||
| CVE-2017-3555 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.… | |||
| CVE-2017-3538 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to … | |||
| CVE-2017-3519 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" v… | |||
| CVE-2017-3518 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 … | |||
| CVE-2017-3499 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). The supported version that is affected is prior to 11.1.12.0.0 (17019101). Easily "exp… | |||
| CVE-2017-3450 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"… | |||
| CVE-2017-3329 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earl… | |||
| CVE-2017-3233 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-1000361 | high | 7.5 | 7.5 | 9y ago | OpenDaylight Controller DoS | |||
| CVE-2017-1000357 | high | 7.5 | 7.5 | 9y ago | Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for t… | |||
| CVE-2017-2334 | high | 7.5 | 7.5 | 9y ago | An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middl… | |||
| CVE-2017-2323 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to … | |||
| CVE-2017-2315 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (… | |||
| CVE-2017-2313 | high | 7.5 | 7.5 | 9y ago | Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashe… | |||
| CVE-2017-8077 | high | 7.5 | 7.5 | 9y ago | On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8073 | high | 7.5 | 7.5 | 9y ago | denial of service in weechat | |||
| CVE-2017-8050 | high | 7.5 | 7.5 | 9y ago | Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | |||
| CVE-2017-3808 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a d… | |||
| CVE-2017-6919 | high | 7.5 | 7.5 | 9y ago | Drupal access control bypass vulnerability | |||
| CVE-2017-7978 | high | 7.5 | 7.5 | 9y ago | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is… | |||
| CVE-2017-7963 | high | 7.5 | 7.5 | 9y ago | The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long str… | |||
| CVE-2017-5656 | high | 7.5 | 7.5 | 9y ago | Session Fixation in Apache CXF | |||
| CVE-2017-7645 | high | 7.5 | 7.5 | 9y ago | The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,… | |||
| CVE-2017-7892 | high | 7.5 | 7.5 | 9y ago | Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on … | |||
| CVE-2017-5659 | high | 7.5 | 7.5 | 9y ago | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | |||
| CVE-2017-5650 | high | 7.5 | 7.5 | 9y ago | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting f… | |||
| CVE-2017-5647 | high | 7.5 | 7.5 | 9y ago | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in… | |||
| CVE-2017-7879 | high | 7.5 | 7.5 | 9y ago | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | |||
| CVE-2017-7696 | high | 7.5 | 7.5 | 9y ago | SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_res… | |||
| CVE-2017-7408 | high | 7.5 | 7.5 | 9y ago | Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||
| CVE-2017-7869 | high | 7.5 | 7.5 | 9y ago | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a … | |||
| CVE-2017-7868 | high | 7.5 | 7.5 | 9y ago | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and… | |||
| CVE-2017-7867 | high | 7.5 | 7.5 | 9y ago | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and… | |||
| CVE-2017-7853 | high | 7.5 | 7.5 | 9y ago | In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a r… | |||
| CVE-2017-7748 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pac… | |||
| CVE-2017-7747 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c… | |||
| CVE-2017-7746 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pa… | |||
| CVE-2017-7745 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors… | |||
| CVE-2017-7705 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/diss… | |||
| CVE-2017-7704 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a… | |||
| CVE-2017-7703 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calc… | |||
| CVE-2017-7702 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/p… | |||
| CVE-2017-7701 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pac… | |||
| CVE-2017-6059 | high | 7.5 | 7.5 | 9y ago | Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided t… | |||
| CVE-2017-0205 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitr… | |||
| CVE-2017-0201 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in su… | |||
| CVE-2017-0200 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitr… | |||
| CVE-2017-0158 | high | 7.5 | 7.5 | 9y ago | An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles… | |||
| CVE-2017-0093 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memo… | |||
| CVE-2017-5988 | high | 7.5 | 7.5 | 9y ago | NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2017-7619 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, Modula… | |||
| CVE-2017-7618 | high | 7.5 | 7.5 | 9y ago | crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. | |||
| CVE-2017-3832 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affe… | |||
| CVE-2017-7192 | high | 7.5 | 7.5 | 9y ago | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |||
| CVE-2017-5887 | high | 7.5 | 7.5 | 9y ago | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | |||
| CVE-2017-5649 | high | 7.5 | 7.5 | 9y ago | Apache Geode information disclosure vulnerability | |||
| CVE-2017-7414 | high | 7.5 | 7.5 | 9y ago | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enab… | |||
| CVE-2017-7401 | high | 7.5 | 7.5 | 9y ago | Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a… | |||
| CVE-2017-6441 | high | 7.5 | 7.5 | 9y ago | The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in … | |||
| CVE-2017-6181 | high | 7.5 | 7.5 | 9y ago | The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion a… | |||
| CVE-2017-5924 | high | 7.5 | 7.5 | 9y ago | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. | |||
| CVE-2017-5923 | high | 7.5 | 7.5 | 9y ago | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse fu… | |||
| CVE-2017-2484 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a thi… | |||
| CVE-2017-2461 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2429 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in… | |||
| CVE-2017-2419 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Conte… | |||
| CVE-2017-2382 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspe… | |||
| CVE-2017-2380 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It … | |||
| CVE-2017-2377 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a… | |||
| CVE-2017-2376 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the addr… | |||
| CVE-2017-7396 | high | 7.5 | 7.5 | 9y ago | In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. | |||
| CVE-2017-7394 | high | 7.5 | 7.5 | 9y ago | In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. | |||
| CVE-2017-7392 | high | 7.5 | 7.5 | 9y ago | In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. | |||
| CVE-2017-3009 | high | 7.5 | 7.5 | 9y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation… | |||
| CVE-2017-5185 | high | 7.5 | 7.5 | 9y ago | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | |||
| CVE-2017-4980 | high | 7.5 | 7.5 | 9y ago | EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.… | |||
| CVE-2017-7258 | high | 7.5 | 7.5 | 9y ago | HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can l… | |||
| CVE-2017-7304 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields… |