CVEs from 2017
Total
11,660
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13831 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a … | |||
| CVE-2017-13820 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process me… | |||
| CVE-2017-12613 | high | 7.1 | 7.1 | 9y ago | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting t… | |||
| CVE-2017-10363 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.… | |||
| CVE-2017-10353 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vul… | |||
| CVE-2017-10312 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows… | |||
| CVE-2017-13722 | high | 7.1 | 7.1 | 9y ago | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xser… | |||
| CVE-2017-13720 | high | 7.1 | 7.1 | 9y ago | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of f… | |||
| CVE-2017-5701 | high | 7.1 | 7.1 | 9y ago | Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary… | |||
| CVE-2017-12154 | high | 7.1 | 7.1 | 9y ago | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omi… | |||
| CVE-2017-12215 | high | 7.1 | 7.1 | 9y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to … | |||
| CVE-2017-12699 | high | 7.1 | 7.1 | 9y ago | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with m… | |||
| CVE-2017-0778 | high | 7.1 | 7.1 | 9y ago | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. | |||
| CVE-2017-6767 | high | 7.1 | 7.1 | 9y ago | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be… | |||
| CVE-2017-10226 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9… | |||
| CVE-2017-10125 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physi… | |||
| CVE-2017-10085 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-1382 | high | 7.1 | 7.1 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker c… | |||
| CVE-2017-11472 | high | 7.1 | 7.1 | 9y ago | The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain s… | |||
| CVE-2017-1000061 | high | 7.1 | 7.1 | 9y ago | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | |||
| CVE-2017-1254 | high | 7.1 | 7.1 | 9y ago | IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… | |||
| CVE-2017-6038 | high | 7.1 | 7.1 | 9y ago | A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests wer… | |||
| CVE-2017-1105 | high | 7.1 | 7.1 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o… | |||
| CVE-2017-9465 | high | 7.1 | 7.1 | 9y ago | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a … | |||
| CVE-2017-4979 | high | 7.1 | 7.1 | 9y ago | EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneF… | |||
| CVE-2017-7929 | high | 7.1 | 7.1 | 9y ago | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse th… | |||
| CVE-2017-6625 | high | 7.1 | 7.1 | 9y ago | A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow … | |||
| CVE-2017-3434 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily … | |||
| CVE-2017-3356 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3355 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3347 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3345 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3342 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3618 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3595 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3593 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3591 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-3574 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA License code configuration). Supported versions that are affected a… | |||
| CVE-2017-3557 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.… | |||
| CVE-2017-3550 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Admin Console). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily… | |||
| CVE-2017-3476 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-3432 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily … | |||
| CVE-2017-3393 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Interaction History). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5 and 1… | |||
| CVE-2017-3337 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-7976 | high | 7.1 | 7.1 | 9y ago | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a … | |||
| CVE-2017-7885 | high | 7.1 | 7.1 | 9y ago | Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in … | |||
| CVE-2017-6601 | high | 7.1 | 7.1 | 9y ago | A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an… | |||
| CVE-2017-2450 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2439 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2409 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of… | |||
| CVE-2017-7277 | high | 7.1 | 7.1 | 9y ago | The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data str… | |||
| CVE-2017-7208 | high | 7.1 | 7.1 | 9y ago | The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264… | |||
| CVE-2017-7206 | high | 7.1 | 7.1 | 9y ago | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory v… | |||
| CVE-2017-6914 | high | 7.1 | 7.1 | 9y ago | CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted. | |||
| CVE-2017-5580 | high | 7.1 | 7.1 | 9y ago | The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process cra… | |||
| CVE-2017-6313 | high | 7.1 | 7.1 | 9y ago | Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image … | |||
| CVE-2017-5231 | high | 7.1 | 7.1 | 9y ago | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specia… | |||
| CVE-2017-5229 | high | 7.1 | 7.1 | 9y ago | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafte… | |||
| CVE-2017-5228 | high | 7.1 | 7.1 | 9y ago | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build … | |||
| CVE-2017-2584 | high | 7.1 | 7.1 | 10y ago | arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application … | |||
| CVE-2017-17712 | high | 7.0 | 7.0 | 9y ago | The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to exec… | |||
| CVE-2017-6262 | high | 7.0 | 7.0 | 9y ago | NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevatio… | |||
| CVE-2017-14902 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can pote… | |||
| CVE-2017-9718 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite. | |||
| CVE-2017-9708 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a… | |||
| CVE-2017-9703 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. | |||
| CVE-2017-11049 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overf… | |||
| CVE-2017-11045 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free… | |||
| CVE-2017-11044 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free c… | |||
| CVE-2017-17053 | high | 7.0 | 7.0 | 9y ago | The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing … | |||
| CVE-2017-16933 | high | 7.0 | 7.0 | 9y ago | etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_… | |||
| CVE-2017-11025 | high | 7.0 | 7.0 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption… | |||
| CVE-2017-10278 | high | 7.0 | 7.0 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vul… | |||
| CVE-2017-15265 | high | 7.0 | 7.0 | 9y ago | Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/… | |||
| CVE-2017-8694 | high | 7.0 | 7.0 | 9y ago | The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and… | |||
| CVE-2017-8689 | high | 7.0 | 7.0 | 9y ago | The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and… | |||
| CVE-2017-11824 | high | 7.0 | 7.0 | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… | |||
| CVE-2017-11783 | high | 7.0 | 7.0 | 9y ago | Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles call… | |||
| CVE-2017-11780 | high | 7.0 | 7.0 | 9y ago | The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 170… | |||
| CVE-2017-9697 | high | 7.0 | 7.0 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registr… | |||
| CVE-2017-14088 | high | 7.0 | 7.0 | 9y ago | Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved fo… | |||
| CVE-2017-13676 | high | 7.0 | 7.0 | 9y ago | Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious … | |||
| CVE-2017-8280 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a… | |||
| CVE-2017-9607 | high | 7.0 | 7.0 | 9y ago | The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of … | |||
| CVE-2017-8702 | high | 7.0 | 7.0 | 9y ago | Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to… | |||
| CVE-2017-8699 | high | 7.0 | 7.0 | 9y ago | Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows… | |||
| CVE-2017-8675 | high | 7.0 | 7.0 | 9y ago | The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, an… | |||
| CVE-2017-12146 | high | 7.0 | 7.0 | 9y ago | The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a sto… | |||
| CVE-2017-10950 | high | 7.0 | 7.0 | 9y ago | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-priv… | |||
| CVE-2017-9684 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. | |||
| CVE-2017-8270 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. | |||
| CVE-2017-8267 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. | |||
| CVE-2017-8266 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | |||
| CVE-2017-8265 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. | |||
| CVE-2017-8262 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condit… | |||
| CVE-2017-9661 | high | 7.0 | 7.0 | 9y ago | An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allo… | |||
| CVE-2017-8593 | high | 7.0 | 7.0 | 9y ago | Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 all… | |||
| CVE-2017-10225 | high | 7.0 | 7.0 | 9y ago | Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulne… | |||
| CVE-2017-11756 | high | 7.0 | 7.0 | 9y ago | In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4… | |||
| CVE-2017-6005 | high | 7.0 | 7.0 | 9y ago | Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially … |