CVEs from 2017
- Total: 11,662
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7303 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for nul… | |||
| CVE-2017-7302 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because … | |||
| CVE-2017-7301 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does n… | |||
| CVE-2017-7300 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (o… | |||
| CVE-2017-5239 | high | 7.5 | 7.5 | 9y ago | Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying infor… | |||
| CVE-2017-5237 | high | 7.5 | 7.5 | 9y ago | Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | |||
| CVE-2017-7243 | high | 7.5 | 7.5 | 9y ago | Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | |||
| CVE-2017-5507 | high | 7.5 | 7.5 | 9y ago | Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. | |||
| CVE-2017-5335 | high | 7.5 | 7.5 | 9y ago | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a craf… | |||
| CVE-2017-3859 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected devi… | |||
| CVE-2017-3857 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, re… | |||
| CVE-2017-3856 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insuffici… | |||
| CVE-2017-3851 | high | 7.5 | 7.5 | 9y ago | A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remot… | |||
| CVE-2017-7227 | high | 7.5 | 7.5 | 9y ago | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a nam… | |||
| CVE-2017-7225 | high | 7.5 | 7.5 | 9y ago | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an … | |||
| CVE-2017-7223 | high | 7.5 | 7.5 | 9y ago | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | |||
| CVE-2017-6318 | high | 7.5 | 7.5 | 9y ago | saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | |||
| CVE-2017-6058 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of se… | |||
| CVE-2017-7186 | high | 7.5 | 7.5 | 9y ago | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode … | |||
| CVE-2017-7177 | high | 7.5 | 7.5 | 9y ago | Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | |||
| CVE-2017-6962 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12. | |||
| CVE-2017-6960 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. | |||
| CVE-2017-0151 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0150 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0141 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0138 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0137 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0136 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0134 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0133 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0132 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0131 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0130 | high | 7.5 | 7.5 | 9y ago | The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Script… | |||
| CVE-2017-0129 | high | 7.5 | 7.5 | 9y ago | Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | |||
| CVE-2017-0094 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0071 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0067 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0040 | high | 7.5 | 7.5 | 9y ago | The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Script… | |||
| CVE-2017-0035 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0034 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary c… | |||
| CVE-2017-0032 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0023 | high | 7.5 | 7.5 | 9y ago | The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, ak… | |||
| CVE-2017-0018 | high | 7.5 | 7.5 | 9y ago | Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio… | |||
| CVE-2017-0015 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-0014 | high | 7.5 | 7.5 | 9y ago | The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; … | |||
| CVE-2017-0010 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-6379 | high | 7.5 | 7.5 | 9y ago | Drupal Cross-Site Request Forgery (CSRF) | |||
| CVE-2017-6377 | high | 7.5 | 7.5 | 9y ago | Drupal editor module incorrectly checks access to inline private files | |||
| CVE-2017-6802 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | |||
| CVE-2017-6801 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | |||
| CVE-2017-6800 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. | |||
| CVE-2017-2786 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a… | |||
| CVE-2017-6311 | high | 7.5 | 7.5 | 9y ago | gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error messag… | |||
| CVE-2017-5872 | high | 7.5 | 7.5 | 9y ago | The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to c… | |||
| CVE-2017-4960 | high | 7.5 | 7.5 | 9y ago | Cloud Foundry denial of service vulnerability | |||
| CVE-2017-5681 | high | 7.5 | 7.5 | 9y ago | The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-cha… | |||
| CVE-2017-5999 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() fu… | |||
| CVE-2017-6497 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). | |||
| CVE-2017-6474 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record … | |||
| CVE-2017-6473 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between l… | |||
| CVE-2017-6472 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtm… | |||
| CVE-2017-6471 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validat… | |||
| CVE-2017-6470 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by cons… | |||
| CVE-2017-6469 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by en… | |||
| CVE-2017-6468 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationshi… | |||
| CVE-2017-6467 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restr… | |||
| CVE-2017-5836 | high | 7.5 | 7.5 | 9y ago | The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an inv… | |||
| CVE-2017-5835 | high | 7.5 | 7.5 | 9y ago | libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | |||
| CVE-2017-5356 | high | 7.5 | 7.5 | 9y ago | Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | |||
| CVE-2017-5196 | high | 7.5 | 7.5 | 9y ago | Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | |||
| CVE-2017-5195 | high | 7.5 | 7.5 | 9y ago | Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. | |||
| CVE-2017-5194 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | |||
| CVE-2017-5193 | high | 7.5 | 7.5 | 9y ago | The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | |||
| CVE-2017-6405 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. | |||
| CVE-2017-6384 | high | 7.5 | 7.5 | 9y ago | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed i… | |||
| CVE-2017-3826 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker… | |||
| CVE-2017-5995 | high | 7.5 | 7.5 | 9y ago | The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2017-5927 | high | 7.5 | 7.5 | 9y ago | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU ope… | |||
| CVE-2017-5926 | high | 7.5 | 7.5 | 9y ago | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU ope… | |||
| CVE-2017-5925 | high | 7.5 | 7.5 | 9y ago | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU o… | |||
| CVE-2017-6100 | high | 7.5 | 7.5 | 9y ago | tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | |||
| CVE-2017-6214 | high | 7.5 | 7.5 | 9y ago | The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packe… | |||
| CVE-2017-3841 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. K… | |||
| CVE-2017-3830 | high | 7.5 | 7.5 | 9y ago | A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Infor… | |||
| CVE-2017-6056 | high | 7.5 | 7.5 | 9y ago | It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service … | |||
| CVE-2017-6014 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to r… | |||
| CVE-2017-5357 | high | 7.5 | 7.5 | 9y ago | regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | |||
| CVE-2017-6004 | high | 7.5 | 7.5 | 9y ago | The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (ou… | |||
| CVE-2017-0317 | high | 7.5 | 7.5 | 9y ago | All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamp… | |||
| CVE-2017-5997 | high | 7.5 | 7.5 | 9y ago | The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests wit… | |||
| CVE-2017-2981 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2980 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2979 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2978 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2977 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2976 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2975 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2974 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-5970 | high | 7.5 | 7.5 | 9y ago | The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted sy… | |||
| CVE-2017-5169 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and… |