CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17740 | high | 7.5 | 7.5 | 9y ago | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows r… | |||
| CVE-2017-3190 | high | 7.5 | 7.5 | 9y ago | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an atta… | |||
| CVE-2017-14091 | high | 7.5 | 7.5 | 9y ago | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensi… | |||
| CVE-2017-16787 | medium | 6.5 | 7.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | |||
| CVE-2017-17684 | high | 7.5 | 7.5 | 9y ago | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. | |||
| CVE-2017-17683 | high | 7.5 | 7.5 | 9y ago | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | |||
| CVE-2017-17537 | high | 7.5 | 7.5 | 9y ago | MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, po… | |||
| CVE-2017-17568 | high | 7.5 | 7.5 | 9y ago | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive inform… | |||
| CVE-2017-17567 | high | 7.5 | 7.5 | 9y ago | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | |||
| CVE-2017-11930 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows … | |||
| CVE-2017-11916 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11913 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11912 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in W… | |||
| CVE-2017-11910 | high | 7.5 | 7.5 | 9y ago | ChakraCore vulnerable to remote code execution due to insufficient InlineCache check | |||
| CVE-2017-11908 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11905 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11901 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 … | |||
| CVE-2017-11895 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 1… | |||
| CVE-2017-11894 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge … | |||
| CVE-2017-11889 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11888 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge… | |||
| CVE-2017-11886 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker… | |||
| CVE-2017-16680 | high | 7.5 | 7.5 | 9y ago | Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could al… | |||
| CVE-2017-15942 | high | 7.5 | 7.5 | 9y ago | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management in… | |||
| CVE-2017-17497 | high | 7.5 | 7.5 | 9y ago | In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" proces… | |||
| CVE-2017-16241 | high | 7.5 | 7.5 | 9y ago | Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote atta… | |||
| CVE-2017-3111 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | |||
| CVE-2017-16366 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-11480 | high | 7.5 | 7.5 | 9y ago | Denial of service in github.com/elastic/beats | |||
| CVE-2017-17463 | high | 7.5 | 7.5 | 9y ago | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | |||
| CVE-2017-1000410 | high | 7.5 | 7.5 | 9y ago | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of… | |||
| CVE-2017-1271 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption o… | |||
| CVE-2017-17068 | high | 7.5 | 7.5 | 9y ago | auth0-js Privilege Escalation Vulnerability | |||
| CVE-2017-17439 | high | 7.5 | 7.5 | 9y ago | In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditiona… | |||
| CVE-2017-13175 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175. | |||
| CVE-2017-13169 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. | |||
| CVE-2017-13164 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193. | |||
| CVE-2017-13159 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772. | |||
| CVE-2017-13158 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915. | |||
| CVE-2017-13157 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341. | |||
| CVE-2017-13152 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384. | |||
| CVE-2017-17432 | high | 7.5 | 7.5 | 9y ago | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated… | |||
| CVE-2017-11031 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free cond… | |||
| CVE-2017-17066 | high | 7.5 | 7.5 | 9y ago | The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitiv… | |||
| CVE-2017-12079 | high | 7.5 | 7.5 | 9y ago | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via p… | |||
| CVE-2017-17104 | high | 7.5 | 7.5 | 9y ago | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | |||
| CVE-2017-17102 | high | 7.5 | 7.5 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | |||
| CVE-2017-8821 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via c… | |||
| CVE-2017-8820 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer deref… | |||
| CVE-2017-8819 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion … | |||
| CVE-2017-16612 | high | 7.5 | 7.5 | 9y ago | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack ve… | |||
| CVE-2017-14486 | high | 7.5 | 7.5 | 9y ago | The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease se… | |||
| CVE-2017-13663 | high | 7.5 | 7.5 | 9y ago | Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||
| CVE-2017-15701 | high | 7.5 | 7.5 | 9y ago | Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption | |||
| CVE-2017-10901 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | |||
| CVE-2017-10895 | high | 7.5 | 7.5 | 9y ago | sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2017-10894 | high | 7.5 | 7.5 | 9y ago | StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2017-10874 | high | 7.5 | 7.5 | 9y ago | PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. | |||
| CVE-2017-17084 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. | |||
| CVE-2017-17083 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginni… | |||
| CVE-2017-11286 | high | 7.5 | 7.5 | 9y ago | Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-1000406 | high | 7.5 | 7.5 | 9y ago | Password change doesn't result in Karaf clearing cache | |||
| CVE-2017-14949 | high | 7.5 | 7.5 | 9y ago | Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request | |||
| CVE-2017-14868 | high | 7.5 | 7.5 | 9y ago | Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider | |||
| CVE-2017-17065 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (d… | |||
| CVE-2017-14196 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files … | |||
| CVE-2017-8019 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets … | |||
| CVE-2017-17042 | high | 7.5 | 7.5 | 9y ago | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitr… | |||
| CVE-2017-15275 | high | 7.5 | 7.5 | 9y ago | Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | |||
| CVE-2017-15054 | high | 7.5 | 7.5 | 9y ago | TeamPass arbitrary file upload vulnerability | |||
| CVE-2017-14390 | high | 7.5 | 7.5 | 9y ago | In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. | |||
| CVE-2017-13699 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent … | |||
| CVE-2017-13698 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them agains… | |||
| CVE-2017-8174 | high | 7.5 | 7.5 | 9y ago | Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the we… | |||
| CVE-2017-8167 | high | 7.5 | 7.5 | 9y ago | Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target devi… | |||
| CVE-2017-8147 | high | 7.5 | 7.5 | 9y ago | AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,Clou… | |||
| CVE-2017-2704 | high | 7.5 | 7.5 | 9y ago | Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlie… | |||
| CVE-2017-2700 | high | 7.5 | 7.5 | 9y ago | AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS… | |||
| CVE-2017-8863 | high | 7.5 | 7.5 | 9y ago | Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. | |||
| CVE-2017-16892 | high | 7.5 | 7.5 | 9y ago | In Bftpd before 4.7, there is a memory leak in the file rename function. | |||
| CVE-2017-1000230 | high | 7.5 | 7.5 | 9y ago | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulti… | |||
| CVE-2017-13703 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. | |||
| CVE-2017-16877 | high | 7.5 | 7.5 | 9y ago | Next.js Directory Traversal Vulnerability | |||
| CVE-2017-1000191 | high | 7.5 | 7.5 | 9y ago | Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. | |||
| CVE-2017-16875 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wi… | |||
| CVE-2017-4928 | high | 7.5 | 7.5 | 9y ago | The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization … | |||
| CVE-2017-4927 | high | 7.5 | 7.5 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | |||
| CVE-2017-1000129 | high | 7.5 | 7.5 | 9y ago | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||
| CVE-2017-1000125 | high | 7.5 | 7.5 | 9y ago | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | |||
| CVE-2017-1000247 | high | 7.5 | 7.5 | 9y ago | CodeIgniter HTTP Header Injection | |||
| CVE-2017-1000189 | high | 7.5 | 7.5 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | |||
| CVE-2017-1000200 | high | 7.5 | 7.5 | 9y ago | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service | |||
| CVE-2017-1000199 | high | 7.5 | 7.5 | 9y ago | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | |||
| CVE-2017-1000198 | high | 7.5 | 7.5 | 9y ago | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service | |||
| CVE-2017-1000195 | high | 7.5 | 7.5 | 9y ago | October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. | |||
| CVE-2017-0859 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131. | |||
| CVE-2017-0858 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894. | |||
| CVE-2017-0857 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. | |||
| CVE-2017-0852 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506. | |||
| CVE-2017-0845 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. |