CVEs from 2017
Total
11,960
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
13.8%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-13997 | critical | 9.8 | 9.8 | 9y ago | A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio pro… | |
| CVE-2017-12639 | critical | 9.8 | 9.8 | 9y ago | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. | |
| CVE-2017-12638 | critical | 9.8 | 9.8 | 9y ago | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. | |
| CVE-2017-12620 | critical | 9.8 | 9.8 | 9y ago | Improper Restriction of XML External Entity Reference in Apache OpenNLP | |
| CVE-2017-11497 | critical | 9.8 | 9.8 | 9y ago | Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language pa… | |
| CVE-2017-11496 | critical | 9.8 | 9.8 | 9y ago | Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed A… | |
| CVE-2017-14942 | critical | 9.8 | 9.8 | 9y ago | Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin… | |
| CVE-2017-14738 | critical | 9.8 | 9.8 | 9y ago | FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search f… | |
| CVE-2017-14702 | critical | 9.8 | 9.8 | 9y ago | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. | |
| CVE-2017-14351 | critical | 9.8 | 9.8 | 9y ago | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow … | |
| CVE-2017-14350 | critical | 9.8 | 9.8 | 9y ago | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code … | |
| CVE-2017-14349 | critical | 9.8 | 9.8 | 9y ago | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | |
| CVE-2017-13983 | critical | 9.8 | 9.8 | 9y ago | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | |
| CVE-2017-7552 | critical | 9.8 | 9.8 | 9y ago | A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to … | |
| CVE-2017-14507 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_c… | |
| CVE-2017-12236 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass … | |
| CVE-2017-12229 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of t… | |
| CVE-2017-12814 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long en… | |
| CVE-2017-12621 | critical | 9.8 | 9.8 | 9y ago | Improper Restriction of XML External Entity Reference in Jelly | |
| CVE-2017-11121 | critical | 9.8 | 9.8 | 9y ago | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack o… | |
| CVE-2017-11120 | critical | 9.8 | 9.8 | 9y ago | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2… | |
| CVE-2017-10932 | critical | 9.8 | 9.8 | 9y ago | All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI… | |
| CVE-2017-14760 | critical | 9.8 | 9.8 | 9y ago | SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.… | |
| CVE-2017-14703 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | |
| CVE-2017-9957 | critical | 9.8 | 9.8 | 9y ago | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can … | |
| CVE-2017-7974 | critical | 9.8 | 9.8 | 9y ago | A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and… | |
| CVE-2017-7973 | critical | 9.8 | 9.8 | 9y ago | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of… | |
| CVE-2017-14125 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme tas… | |
| CVE-2017-14723 | critical | 9.8 | 9.8 | 9y ago | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injec… | |
| CVE-2017-14706 | critical | 9.8 | 9.8 | 9y ago | DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken … | |
| CVE-2017-14080 | critical | 9.8 | 9.8 | 9y ago | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | |
| CVE-2017-14078 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |
| CVE-2017-9393 | critical | 9.8 | 9.8 | 9y ago | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | |
| CVE-2017-14637 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | |
| CVE-2017-14636 | critical | 9.8 | 9.8 | 9y ago | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes… | |
| CVE-2017-9283 | critical | 9.8 | 9.8 | 9y ago | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |
| CVE-2017-9282 | critical | 9.8 | 9.8 | 9y ago | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerabil… | |
| CVE-2017-12170 | critical | 9.8 | 9.8 | 9y ago | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with defau… | |
| CVE-2017-14652 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC enco… | |
| CVE-2017-14648 | critical | 9.8 | 9.8 | 9y ago | A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service o… | |
| CVE-2017-12930 | critical | 9.8 | 9.8 | 9y ago | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | |
| CVE-2017-12928 | critical | 9.8 | 9.8 | 9y ago | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with… | |
| CVE-2017-14632 | critical | 9.8 | 9.8 | 9y ago | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 5501… | |
| CVE-2017-14631 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. | |
| CVE-2017-14630 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. | |
| CVE-2017-14628 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. | |
| CVE-2017-14626 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | |
| CVE-2017-14625 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | |
| CVE-2017-14624 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | |
| CVE-2017-14596 | critical | 9.8 | 9.8 | 9y ago | In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | |
| CVE-2017-12611 | critical | 9.8 | 9.8 | 9y ago | Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal | |
| CVE-2017-8772 | critical | 9.8 | 9.8 | 9y ago | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file syst… | |
| CVE-2017-8771 | critical | 9.8 | 9.8 | 9y ago | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is… | |
| CVE-2017-6315 | critical | 9.8 | 9.8 | 9y ago | Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | |
| CVE-2017-14143 | critical | 9.8 | 9.8 | 9y ago | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and cons… | |
| CVE-2017-10700 | critical | 9.8 | 9.8 | 9y ago | In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | |
| CVE-2017-10930 | critical | 9.8 | 9.8 | 9y ago | The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information li… | |
| CVE-2017-14532 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | |
| CVE-2017-14512 | critical | 9.8 | 9.8 | 9y ago | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | |
| CVE-2017-14244 | critical | 9.8 | 9.8 | 9y ago | An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs wi… | |
| CVE-2017-14243 | critical | 9.8 | 9.8 | 9y ago | An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials fr… | |
| CVE-2017-9328 | critical | 9.8 | 9.8 | 9y ago | Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | |
| CVE-2017-10845 | critical | 9.8 | 9.8 | 9y ago | Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | |
| CVE-2017-13067 | critical | 9.8 | 9.8 | 9y ago | QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerabili… | |
| CVE-2017-1002028 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed i… | |
| CVE-2017-1002027 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.… | |
| CVE-2017-1002023 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |
| CVE-2017-1002022 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | |
| CVE-2017-1002021 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | |
| CVE-2017-1002020 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |
| CVE-2017-1002019 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | |
| CVE-2017-1002018 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | |
| CVE-2017-1002016 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |
| CVE-2017-1002015 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | |
| CVE-2017-1002014 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |
| CVE-2017-1002013 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |
| CVE-2017-1002012 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable bef… | |
| CVE-2017-1002010 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize use… | |
| CVE-2017-1002009 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize use… | |
| CVE-2017-1002008 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a use… | |
| CVE-2017-1002003 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |
| CVE-2017-1002002 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | |
| CVE-2017-1002001 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |
| CVE-2017-1002000 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check … | |
| CVE-2017-13725 | critical | 9.8 | 9.8 | 9y ago | The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |
| CVE-2017-13690 | critical | 9.8 | 9.8 | 9y ago | The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. | |
| CVE-2017-13689 | critical | 9.8 | 9.8 | 9y ago | The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). | |
| CVE-2017-13688 | critical | 9.8 | 9.8 | 9y ago | The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). | |
| CVE-2017-13687 | critical | 9.8 | 9.8 | 9y ago | The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | |
| CVE-2017-13055 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). | |
| CVE-2017-13054 | critical | 9.8 | 9.8 | 9y ago | The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). | |
| CVE-2017-13053 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). | |
| CVE-2017-13052 | critical | 9.8 | 9.8 | 9y ago | The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). | |
| CVE-2017-13051 | critical | 9.8 | 9.8 | 9y ago | The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | |
| CVE-2017-13050 | critical | 9.8 | 9.8 | 9y ago | The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). | |
| CVE-2017-13049 | critical | 9.8 | 9.8 | 9y ago | The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). | |
| CVE-2017-13048 | critical | 9.8 | 9.8 | 9y ago | The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | |
| CVE-2017-13047 | critical | 9.8 | 9.8 | 9y ago | The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | |
| CVE-2017-13046 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). | |
| CVE-2017-13045 | critical | 9.8 | 9.8 | 9y ago | The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). |