CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2192 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allo… | |||
| CVE-2017-2191 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a … | |||
| CVE-2017-2190 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified direct… | |||
| CVE-2017-2189 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2176 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) availa… | |||
| CVE-2017-8108 | high | 7.8 | 7.8 | 9y ago | Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | |||
| CVE-2017-6638 | high | 7.8 | 7.8 | 9y ago | A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges… | |||
| CVE-2017-4913 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this m… | |||
| CVE-2017-4912 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstat… | |||
| CVE-2017-4911 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this … | |||
| CVE-2017-4910 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this m… | |||
| CVE-2017-4909 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, th… | |||
| CVE-2017-4908 | high | 7.8 | 7.8 | 9y ago | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this… | |||
| CVE-2017-9301 | high | 7.8 | 7.8 | 9y ago | plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecif… | |||
| CVE-2017-9300 | high | 7.8 | 7.8 | 9y ago | arbitrary code execution in vlc | |||
| CVE-2017-9036 | high | 7.8 | 7.8 | 9y ago | Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | |||
| CVE-2017-2823 | high | 7.8 | 7.8 | 9y ago | A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can… | |||
| CVE-2017-2819 | high | 7.8 | 7.8 | 9y ago | An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause a… | |||
| CVE-2017-2817 | high | 7.8 | 7.8 | 9y ago | A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code ex… | |||
| CVE-2017-2799 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption re… | |||
| CVE-2017-2798 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corrup… | |||
| CVE-2017-0374 | high | 7.8 | 7.8 | 9y ago | lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the IN… | |||
| CVE-2017-2797 | high | 7.8 | 7.8 | 9y ago | An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | |||
| CVE-2017-2794 | high | 7.8 | 7.8 | 9y ago | An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a sta… | |||
| CVE-2017-2793 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corru… | |||
| CVE-2017-2783 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a h… | |||
| CVE-2017-2175 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-6986 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial… | |||
| CVE-2017-6985 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a pri… | |||
| CVE-2017-6981 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary… | |||
| CVE-2017-2548 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged con… | |||
| CVE-2017-2546 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context o… | |||
| CVE-2017-2545 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged conte… | |||
| CVE-2017-2543 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2017-2542 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2017-2541 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged con… | |||
| CVE-2017-2537 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged con… | |||
| CVE-2017-2535 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a deni… | |||
| CVE-2017-2512 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denia… | |||
| CVE-2017-2503 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-2499 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" compo… | |||
| CVE-2017-2494 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context o… | |||
| CVE-2017-6650 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injec… | |||
| CVE-2017-6649 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. Th… | |||
| CVE-2017-7968 | high | 7.8 | 7.8 | 9y ago | An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a… | |||
| CVE-2017-9077 | high | 7.8 | 7.8 | 9y ago | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified … | |||
| CVE-2017-9076 | high | 7.8 | 7.8 | 9y ago | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified… | |||
| CVE-2017-9075 | high | 7.8 | 7.8 | 9y ago | The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified … | |||
| CVE-2017-9074 | high | 7.8 | 7.8 | 9y ago | The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial … | |||
| CVE-2017-6623 | high | 7.8 | 7.8 | 9y ago | A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their p… | |||
| CVE-2017-9043 | high | 7.8 | 7.8 | 9y ago | readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly hav… | |||
| CVE-2017-9042 | high | 7.8 | 7.8 | 9y ago | readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified… | |||
| CVE-2017-7493 | high | 7.8 | 7.8 | 9y ago | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs meta… | |||
| CVE-2017-6887 | high | 7.8 | 7.8 | 9y ago | A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC fil… | |||
| CVE-2017-7487 | high | 7.8 | 7.8 | 9y ago | The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have u… | |||
| CVE-2017-8246 | high | 7.8 | 7.8 | 9y ago | In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized a… | |||
| CVE-2017-8245 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bou… | |||
| CVE-2017-2167 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file… | |||
| CVE-2017-0604 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated … | |||
| CVE-2017-0597 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec… | |||
| CVE-2017-0596 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is… | |||
| CVE-2017-0595 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is… | |||
| CVE-2017-0594 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context o… | |||
| CVE-2017-0593 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general by… | |||
| CVE-2017-0592 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da… | |||
| CVE-2017-0591 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is … | |||
| CVE-2017-0590 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0589 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is… | |||
| CVE-2017-0588 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data pro… | |||
| CVE-2017-0587 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue i… | |||
| CVE-2017-0281 | high | 7.8 | 7.8 | 9y ago | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise … | |||
| CVE-2017-0265 | high | 7.8 | 7.8 | 9y ago | Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Th… | |||
| CVE-2017-0264 | high | 7.8 | 7.8 | 9y ago | Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Th… | |||
| CVE-2017-0254 | high | 7.8 | 7.8 | 9y ago | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word… | |||
| CVE-2017-0077 | high | 7.8 | 7.8 | 9y ago | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 … | |||
| CVE-2017-8890 | high | 7.8 | 7.8 | 9y ago | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other … | |||
| CVE-2017-7698 | high | 7.8 | 7.8 | 9y ago | A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf… | |||
| CVE-2017-0352 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation… | |||
| CVE-2017-0351 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or p… | |||
| CVE-2017-0350 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset … | |||
| CVE-2017-0349 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not… | |||
| CVE-2017-0348 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potenti… | |||
| CVE-2017-0347 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not c… | |||
| CVE-2017-0346 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, lea… | |||
| CVE-2017-0345 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not c… | |||
| CVE-2017-0344 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical mem… | |||
| CVE-2017-0342 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading t… | |||
| CVE-2017-0341 | high | 7.8 | 7.8 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a poi… | |||
| CVE-2017-8854 | high | 7.8 | 7.8 | 9y ago | wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | |||
| CVE-2017-8844 | high | 7.8 | 7.8 | 9y ago | The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified oth… | |||
| CVE-2017-8829 | high | 7.8 | 7.8 | 9y ago | Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | |||
| CVE-2017-5236 | high | 7.8 | 7.8 | 9y ago | Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current w… | |||
| CVE-2017-8455 | high | 7.8 | 7.8 | 9y ago | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in … | |||
| CVE-2017-0331 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2017-8419 | high | 7.8 | 7.8 | 9y ago | LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based bu… | |||
| CVE-2017-8373 | high | 7.8 | 7.8 | 9y ago | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecif… | |||
| CVE-2017-8367 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Bur… | |||
| CVE-2017-8364 | high | 7.8 | 7.8 | 9y ago | The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a c… | |||
| CVE-2017-7721 | high | 7.8 | 7.8 | 9y ago | IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. | |||
| CVE-2017-2156 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified… |