CVEs from 2017
Total
11,795
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-11257 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engi… | |
| CVE-2017-11256 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating conten… | |
| CVE-2017-11254 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader'… | |
| CVE-2017-11251 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 pa… | |
| CVE-2017-11241 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion… | |
| CVE-2017-11237 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing… | |
| CVE-2017-11235 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversio… | |
| CVE-2017-11234 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11231 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rend… | |
| CVE-2017-11229 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Forma… | |
| CVE-2017-11228 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11227 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11226 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image proces… | |
| CVE-2017-11224 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engi… | |
| CVE-2017-11223 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA… | |
| CVE-2017-11222 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Repr… | |
| CVE-2017-11221 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation func… | |
| CVE-2017-11220 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data str… | |
| CVE-2017-11219 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering e… | |
| CVE-2017-11218 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event managemen… | |
| CVE-2017-11216 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11214 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11212 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11211 | high | 8.8 | 8.8 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Suc… | |
| CVE-2017-1174 | high | 8.8 | 8.8 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |
| CVE-2017-9799 | high | 8.8 | 8.8 | 9y ago | Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user | |
| CVE-2017-9370 | high | 8.8 | 8.8 | 9y ago | An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain acc… | |
| CVE-2017-12754 | high | 8.8 | 8.8 | 9y ago | Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-A… | |
| CVE-2017-8691 | high | 8.8 | 8.8 | 9y ago | Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded f… | |
| CVE-2017-8664 | high | 8.8 | 8.8 | 9y ago | Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fa… | |
| CVE-2017-8625 | high | 8.8 | 8.8 | 9y ago | Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to … | |
| CVE-2017-8503 | high | 8.8 | 8.8 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability".… | |
| CVE-2017-11741 | high | 8.8 | 8.8 | 9y ago | HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges b… | |
| CVE-2017-10204 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |
| CVE-2017-10129 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |
| CVE-2017-12678 | high | 8.8 | 8.8 | 9y ago | In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspeci… | |
| CVE-2017-12669 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. | |
| CVE-2017-12668 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | |
| CVE-2017-12667 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. | |
| CVE-2017-12666 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. | |
| CVE-2017-12665 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. | |
| CVE-2017-12664 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. | |
| CVE-2017-12663 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. | |
| CVE-2017-12662 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. | |
| CVE-2017-12651 | high | 8.8 | 8.8 | 9y ago | Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. | |
| CVE-2017-12644 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. | |
| CVE-2017-12642 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. | |
| CVE-2017-12641 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. | |
| CVE-2017-12640 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. | |
| CVE-2017-12479 | high | 8.8 | 8.8 | 9y ago | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege use… | |
| CVE-2017-9633 | high | 8.8 | 8.8 | 9y ago | An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-… | |
| CVE-2017-6757 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. T… | |
| CVE-2017-6756 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerabilit… | |
| CVE-2017-12606 | high | 8.8 | 8.8 | 9y ago | Out-of-bounds Write in OpenCV | |
| CVE-2017-12605 | high | 8.8 | 8.8 | 9y ago | Out-of-bounds Write in OpenCV | |
| CVE-2017-12604 | high | 8.8 | 8.8 | 9y ago | Out-of-bounds Write in OpenCV | |
| CVE-2017-12601 | high | 8.8 | 8.8 | 9y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV | |
| CVE-2017-12599 | high | 8.8 | 8.8 | 9y ago | Out-of-bounds Read in OpenCV | |
| CVE-2017-12597 | high | 8.8 | 8.8 | 9y ago | Out-of-bounds Write in OpenCV | |
| CVE-2017-10677 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | |
| CVE-2017-12587 | high | 8.8 | 8.8 | 9y ago | ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c. | |
| CVE-2017-12585 | high | 8.8 | 8.8 | 9y ago | SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be explo… | |
| CVE-2017-12584 | high | 8.8 | 8.8 | 9y ago | There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to… | |
| CVE-2017-9863 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in… | |
| CVE-2017-11392 | high | 8.8 | 8.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |
| CVE-2017-11391 | high | 8.8 | 8.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |
| CVE-2017-7442 | high | 8.8 | 8.8 | 9y ago | Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |
| CVE-2017-11388 | high | 8.8 | 8.8 | 9y ago | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Forme… | |
| CVE-2017-2281 | high | 8.8 | 8.8 | 9y ago | WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |
| CVE-2017-2280 | high | 8.8 | 8.8 | 9y ago | WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | |
| CVE-2017-2138 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) a… | |
| CVE-2017-11364 | high | 8.8 | 8.8 | 9y ago | The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate… | |
| CVE-2017-4921 | high | 8.8 | 8.8 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issu… | |
| CVE-2017-11726 | high | 8.8 | 8.8 | 9y ago | services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting. | |
| CVE-2017-11648 | high | 8.8 | 8.8 | 9y ago | Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filte… | |
| CVE-2017-11760 | high | 8.8 | 8.8 | 9y ago | uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated… | |
| CVE-2017-9490 | high | 8.8 | 8.8 | 9y ago | The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | |
| CVE-2017-9489 | high | 8.8 | 8.8 | 9y ago | The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | |
| CVE-2017-9488 | high | 8.8 | 8.8 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access th… | |
| CVE-2017-11736 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | |
| CVE-2017-6257 | high | 8.8 | 8.8 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges | |
| CVE-2017-11646 | high | 8.8 | 8.8 | 9y ago | NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. The… | |
| CVE-2017-9614 | high | 8.8 | 8.8 | 9y ago | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified oth… | |
| CVE-2017-11681 | high | 8.8 | 8.8 | 9y ago | Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=c… | |
| CVE-2017-11680 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | |
| CVE-2017-11679 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | |
| CVE-2017-11678 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | |
| CVE-2017-11675 | high | 8.8 | 8.8 | 9y ago | Authenticated RCE in Zen Cart 1.5.5e | |
| CVE-2017-11642 | high | 8.8 | 8.8 | 9y ago | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. | |
| CVE-2017-11638 | high | 8.8 | 8.8 | 9y ago | GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. | |
| CVE-2017-6753 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected b… | |
| CVE-2017-9413 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a p… | |
| CVE-2017-11422 | high | 8.8 | 8.8 | 9y ago | Statamic framework Incorrect Permission Assignment | |
| CVE-2017-2273 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators… | |
| CVE-2017-1373 | high | 8.8 | 8.8 | 9y ago | Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force … | |
| CVE-2017-1371 | high | 8.8 | 8.8 | 9y ago | Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access… | |
| CVE-2017-9930 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | |
| CVE-2017-10993 | high | 8.8 | 8.8 | 9y ago | Contao Core directory traversal vulnerability | |
| CVE-2017-7068 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |
| CVE-2017-7061 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… |