CVEs from 2017
Total: 11,693
- critical 1,647
- high 5,041
- medium 4,168
- low 159

% Critical: 14.1%
% with KEV: 0.7%
% with exploit: 1.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0782 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. | |||
| CVE-2017-0781 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | |||
| CVE-2017-14482 | high | 8.8 | 8.8 | 9y ago | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell… | |||
| CVE-2017-1002026 | high | 8.8 | 8.8 | 9y ago | Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statemen… | |||
| CVE-2017-2816 | high | 8.8 | 8.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on t… | |||
| CVE-2017-11350 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | |||
| CVE-2017-8682 | high | 8.8 | 8.8 | 9y ago | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20… | |||
| CVE-2017-8660 | high | 8.8 | 8.8 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser… | |||
| CVE-2017-14399 | high | 8.8 | 8.8 | 9y ago | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | |||
| CVE-2017-14348 | high | 8.8 | 8.8 | 9y ago | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | |||
| CVE-2017-14319 | high | 8.8 | 8.8 | 9y ago | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accou… | |||
| CVE-2017-14316 | high | 8.8 | 8.8 | 9y ago | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memf… | |||
| CVE-2017-14267 | high | 8.8 | 8.8 | 9y ago | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSetti… | |||
| CVE-2017-14251 | high | 8.8 | 8.8 | 9y ago | TYPO3 Arbitrary Code Execution | |||
| CVE-2017-14225 | high | 8.8 | 8.8 | 9y ago | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by … | |||
| CVE-2017-14224 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |||
| CVE-2017-0791 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. | |||
| CVE-2017-0790 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. | |||
| CVE-2017-0789 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. | |||
| CVE-2017-0788 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. | |||
| CVE-2017-0787 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. | |||
| CVE-2017-0786 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. | |||
| CVE-2017-0784 | high | 8.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. | |||
| CVE-2017-14167 | high | 8.8 | 8.8 | 9y ago | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header addr… | |||
| CVE-2017-12216 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vu… | |||
| CVE-2017-13713 | high | 8.8 | 8.8 | 9y ago | T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | |||
| CVE-2017-12838 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add … | |||
| CVE-2017-11567 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to… | |||
| CVE-2017-14169 | high | 8.8 | 8.8 | 9y ago | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xfffff… | |||
| CVE-2017-14164 | high | 8.8 | 8.8 | 9y ago | A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-b… | |||
| CVE-2017-1097 | high | 8.8 | 8.8 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tra… | |||
| CVE-2017-2822 | high | 8.8 | 8.8 | 9y ago | An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a c… | |||
| CVE-2017-2821 | high | 8.8 | 8.8 | 9y ago | An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perceptive Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resultin… | |||
| CVE-2017-14152 | high | 8.8 | 8.8 | 9y ago | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of serv… | |||
| CVE-2017-14151 | high | 8.8 | 8.8 | 9y ago | An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of … | |||
| CVE-2017-14146 | high | 8.8 | 8.8 | 9y ago | HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | |||
| CVE-2017-1000083 | high | 7.8 | 8.8 | 9y ago | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a fi… | |||
| CVE-2017-14123 | high | 8.8 | 8.8 | 9y ago | Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the serv… | |||
| CVE-2017-14119 | high | 8.8 | 8.8 | 9y ago | In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell… | |||
| CVE-2017-14118 | high | 8.8 | 8.8 | 9y ago | In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell… | |||
| CVE-2017-12421 | high | 8.8 | 8.8 | 9y ago | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | |||
| CVE-2017-14103 | high | 8.8 | 8.8 | 9y ago | The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct … | |||
| CVE-2017-14050 | high | 8.8 | 8.8 | 9y ago | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | |||
| CVE-2017-14048 | high | 8.8 | 8.8 | 9y ago | BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via… | |||
| CVE-2017-14041 | high | 8.8 | 8.8 | 9y ago | A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of ser… | |||
| CVE-2017-14040 | high | 8.8 | 8.8 | 9y ago | An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspec… | |||
| CVE-2017-14039 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denia… | |||
| CVE-2017-1442 | high | 8.8 | 8.8 | 9y ago | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the web… | |||
| CVE-2017-1440 | high | 8.8 | 8.8 | 9y ago | IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote sys… | |||
| CVE-2017-12704 | high | 8.8 | 8.8 | 9y ago | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validati… | |||
| CVE-2017-12702 | high | 8.8 | 8.8 | 9y ago | An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, w… | |||
| CVE-2017-12763 | high | 8.8 | 8.8 | 9y ago | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | |||
| CVE-2017-11455 | high | 8.8 | 8.8 | 9y ago | diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack … | |||
| CVE-2017-10952 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the tar… | |||
| CVE-2017-10951 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… | |||
| CVE-2017-13740 | high | 8.8 | 8.8 | 9y ago | There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. | |||
| CVE-2017-13739 | high | 8.8 | 8.8 | 9y ago | There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It wi… | |||
| CVE-2017-13738 | high | 8.8 | 8.8 | 9y ago | There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. | |||
| CVE-2017-10844 | high | 8.8 | 8.8 | 9y ago | Code Injection in baserCMS | |||
| CVE-2017-10839 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-10835 | high | 8.8 | 8.8 | 9y ago | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | |||
| CVE-2017-7926 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-u… | |||
| CVE-2017-12857 | high | 8.8 | 8.8 | 9y ago | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application.… | |||
| CVE-2017-12703 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verif… | |||
| CVE-2017-12137 | high | 8.8 | 8.8 | 9y ago | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |||
| CVE-2017-12135 | high | 8.8 | 8.8 | 9y ago | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |||
| CVE-2017-12134 | high | 8.8 | 8.8 | 9y ago | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cau… | |||
| CVE-2017-13147 | high | 8.8 | 8.8 | 9y ago | In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. | |||
| CVE-2017-12970 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts… | |||
| CVE-2017-12904 | high | 8.8 | 8.8 | 9y ago | Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by cra… | |||
| CVE-2017-13146 | high | 8.8 | 8.8 | 9y ago | In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. | |||
| CVE-2017-5208 | high | 8.8 | 8.8 | 9y ago | Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of servic… | |||
| CVE-2017-7557 | high | 8.8 | 8.8 | 9y ago | dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | |||
| CVE-2017-7423 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow… | |||
| CVE-2017-5187 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 U… | |||
| CVE-2017-12983 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ot… | |||
| CVE-2017-12976 | high | 8.8 | 8.8 | 9y ago | git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a rel… | |||
| CVE-2017-12955 | high | 8.8 | 8.8 | 9y ago | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or… | |||
| CVE-2017-12949 | high | 8.8 | 8.8 | 9y ago | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitab… | |||
| CVE-2017-12881 | high | 8.8 | 8.8 | 9y ago | Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality | |||
| CVE-2017-12593 | high | 8.8 | 8.8 | 9y ago | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | |||
| CVE-2017-12592 | high | 8.8 | 8.8 | 9y ago | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their priv… | |||
| CVE-2017-12589 | high | 8.8 | 8.8 | 9y ago | ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | |||
| CVE-2017-12420 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrar… | |||
| CVE-2017-12937 | high | 8.8 | 8.8 | 9y ago | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |||
| CVE-2017-12936 | high | 8.8 | 8.8 | 9y ago | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | |||
| CVE-2017-12935 | high | 8.8 | 8.8 | 9y ago | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | |||
| CVE-2017-7556 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery in hawtio | |||
| CVE-2017-7547 | high | 8.8 | 8.8 | 9y ago | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by… | |||
| CVE-2017-6421 | high | 8.8 | 8.8 | 9y ago | In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. | |||
| CVE-2017-12863 | high | 8.8 | 8.8 | 9y ago | Integer Overflow or Wraparound in OpenCV | |||
| CVE-2017-12426 | high | 8.8 | 8.8 | 9y ago | GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote … | |||
| CVE-2017-12853 | high | 8.8 | 8.8 | 9y ago | The RealTime RWR-3G-100 Router Firmware Version: Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authentic… | |||
| CVE-2017-12851 | high | 8.8 | 8.8 | 9y ago | An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. | |||
| CVE-2017-12850 | high | 8.8 | 8.8 | 9y ago | An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. | |||
| CVE-2017-9660 | high | 8.8 | 8.8 | 9y ago | A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a cras… | |||
| CVE-2017-9659 | high | 8.8 | 8.8 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may ca… | |||
| CVE-2017-6328 | high | 8.8 | 8.8 | 9y ago | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious… | |||
| CVE-2017-3123 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |||
| CVE-2017-3121 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Met… |