CVEs from 2017
Total
11,657
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000195 | high | 7.5 | 7.5 | 9y ago | October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. | |||
| CVE-2017-0859 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131. | |||
| CVE-2017-0858 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894. | |||
| CVE-2017-0857 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. | |||
| CVE-2017-0852 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506. | |||
| CVE-2017-0845 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | |||
| CVE-2017-0840 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670. | |||
| CVE-2017-0839 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003. | |||
| CVE-2017-9701 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting … | |||
| CVE-2017-9696 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Varia… | |||
| CVE-2017-8279 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over… | |||
| CVE-2017-11093 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading "… | |||
| CVE-2017-11090 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space applicat… | |||
| CVE-2017-11089 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends … | |||
| CVE-2017-11058 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can oc… | |||
| CVE-2017-11028 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to … | |||
| CVE-2017-16719 | high | 7.5 | 7.5 | 9y ago | An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 … | |||
| CVE-2017-14028 | high | 7.5 | 7.5 | 9y ago | A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Ver… | |||
| CVE-2017-12318 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or vi… | |||
| CVE-2017-12316 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured l… | |||
| CVE-2017-15923 | high | 7.5 | 7.5 | 9y ago | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | |||
| CVE-2017-8815 | high | 7.5 | 7.5 | 9y ago | The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | |||
| CVE-2017-8814 | high | 7.5 | 7.5 | 9y ago | The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | |||
| CVE-2017-8810 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the userna… | |||
| CVE-2017-8700 | high | 7.5 | 7.5 | 9y ago | Cross-origin Resource Sharing bypass in ASP.NET Core | |||
| CVE-2017-11883 | high | 7.5 | 7.5 | 9y ago | Denial of service in ASP.NET Core | |||
| CVE-2017-11871 | high | 7.5 | 7.5 | 9y ago | Chakra Core vulnerable to privilege escalation due to reading an invalid pointer | |||
| CVE-2017-11869 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 … | |||
| CVE-2017-11866 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11862 | high | 7.5 | 7.5 | 9y ago | Chakra Core vulnerable to privilege escalation due to type confusion | |||
| CVE-2017-11858 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Wi… | |||
| CVE-2017-11856 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 … | |||
| CVE-2017-11846 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Wi… | |||
| CVE-2017-11845 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge M… | |||
| CVE-2017-11843 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Window… | |||
| CVE-2017-11838 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10… | |||
| CVE-2017-11837 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10… | |||
| CVE-2017-11836 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due… | |||
| CVE-2017-11827 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511… | |||
| CVE-2017-11788 | high | 7.5 | 7.5 | 9y ago | Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows se… | |||
| CVE-2017-11770 | high | 7.5 | 7.5 | 9y ago | Improper Certificate Validation | |||
| CVE-2017-10267 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi… | |||
| CVE-2017-6275 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as… | |||
| CVE-2017-16803 | high | 7.5 | 7.5 | 9y ago | In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of se… | |||
| CVE-2017-10875 | high | 7.5 | 7.5 | 9y ago | I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | |||
| CVE-2017-16520 | high | 7.5 | 7.5 | 9y ago | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | |||
| CVE-2017-16762 | high | 7.5 | 7.5 | 9y ago | Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | |||
| CVE-2017-11512 | high | 7.5 | 7.5 | 9y ago | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticat… | |||
| CVE-2017-11511 | high | 7.5 | 7.5 | 9y ago | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticat… | |||
| CVE-2017-15865 | high | 7.5 | 7.5 | 9y ago | bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE… | |||
| CVE-2017-15087 | high | 7.5 | 7.5 | 9y ago | It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||
| CVE-2017-14360 | high | 7.5 | 7.5 | 9y ago | A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | |||
| CVE-2017-2909 | high | 7.5 | 7.5 | 9y ago | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and D… | |||
| CVE-2017-2898 | high | 7.5 | 7.5 | 9y ago | An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be in… | |||
| CVE-2017-2893 | high | 7.5 | 7.5 | 9y ago | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to… | |||
| CVE-2017-2889 | high | 7.5 | 7.5 | 9y ago | An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeated… | |||
| CVE-2017-2884 | high | 7.5 | 7.5 | 9y ago | An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt … | |||
| CVE-2017-2865 | high | 7.5 | 7.5 | 9y ago | An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An at… | |||
| CVE-2017-12719 | high | 7.5 | 7.5 | 9y ago | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program cau… | |||
| CVE-2017-11177 | high | 7.5 | 7.5 | 9y ago | TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. | |||
| CVE-2017-16540 | high | 7.5 | 7.5 | 9y ago | OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL serv… | |||
| CVE-2017-1000151 | high | 7.5 | 7.5 | 9y ago | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | |||
| CVE-2017-1000133 | high | 7.5 | 7.5 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of th… | |||
| CVE-2017-16516 | high | 7.5 | 7.5 | 9y ago | In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c.… | |||
| CVE-2017-12281 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points cou… | |||
| CVE-2017-12280 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote att… | |||
| CVE-2017-16353 | medium | 6.5 | 7.5 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p… | |||
| CVE-2017-16248 | high | 7.5 | 7.5 | 9y ago | The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended pol… | |||
| CVE-2017-3935 | high | 7.5 | 7.5 | 9y ago | Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body … | |||
| CVE-2017-14919 | high | 7.5 | 7.5 | 9y ago | Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 makin… | |||
| CVE-2017-16227 | high | 7.5 | 7.5 | 9y ago | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for l… | |||
| CVE-2017-15998 | high | 7.5 | 7.5 | 9y ago | In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cle… | |||
| CVE-2017-15938 | high | 7.5 | 7.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows … | |||
| CVE-2017-15582 | high | 7.5 | 7.5 | 9y ago | In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obta… | |||
| CVE-2017-15581 | high | 7.5 | 7.5 | 9y ago | In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a… | |||
| CVE-2017-0303 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections han… | |||
| CVE-2017-5068 | high | 7.5 | 7.5 | 9y ago | arbitrary code execution in chromium | |||
| CVE-2017-15928 | high | 7.5 | 7.5 | 9y ago | In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but… | |||
| CVE-2017-3771 | high | 7.5 | 7.5 | 9y ago | System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | |||
| CVE-2017-12159 | high | 7.5 | 7.5 | 9y ago | Keycloak CSRF Vulnerability | |||
| CVE-2017-15908 | high | 7.5 | 7.5 | 9y ago | In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re… | |||
| CVE-2017-15882 | high | 7.5 | 7.5 | 9y ago | The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. | |||
| CVE-2017-1583 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | |||
| CVE-2017-1523 | high | 7.5 | 7.5 | 9y ago | IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. | |||
| CVE-2017-1375 | high | 7.5 | 7.5 | 9y ago | IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:… | |||
| CVE-2017-1210 | high | 7.5 | 7.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. | |||
| CVE-2017-15871 | high | 7.5 | 7.5 | 9y ago | The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as dem… | |||
| CVE-2017-9946 | high | 7.5 | 7.5 | 9y ago | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 44… | |||
| CVE-2017-15805 | high | 7.5 | 7.5 | 9y ago | Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | |||
| CVE-2017-15377 | high | 7.5 | 7.5 | 9y ago | In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engi… | |||
| CVE-2017-14328 | high | 7.5 | 7.5 | 9y ago | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. | |||
| CVE-2017-7133 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in … | |||
| CVE-2017-7116 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote… | |||
| CVE-2017-7090 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-7086 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" c… | |||
| CVE-2017-7080 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Securit… | |||
| CVE-2017-15723 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | |||
| CVE-2017-15721 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. | |||
| CVE-2017-15228 | high | 7.5 | 7.5 | 9y ago | Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | |||
| CVE-2017-15227 | high | 7.5 | 7.5 | 9y ago | Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the stat… |