CVEs from 2017
- Total: 11,796
- Critical: 1,647
- High: 5,043
- Medium: 4,165
- Low: 159
- % Critical: 14.0%
- % with KEV: 0.7%
- % with exploit: 0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-11552 | medium | 6.5 | 6.5 | 9y ago | mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode… | |
| CVE-2017-9477 | medium | 6.5 | 6.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote att… | |
| CVE-2017-9476 | medium | 6.5 | 6.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eM… | |
| CVE-2017-11755 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo… | |
| CVE-2017-11754 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. | |
| CVE-2017-11753 | medium | 6.5 | 6.5 | 9y ago | The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transp… | |
| CVE-2017-11752 | medium | 6.5 | 6.5 | 9y ago | The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-11751 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-11750 | medium | 6.5 | 6.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-11724 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. | |
| CVE-2017-6260 | medium | 6.5 | 6.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. | |
| CVE-2017-11722 | medium | 6.5 | 6.5 | 9y ago | The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the … | |
| CVE-2017-11705 | medium | 6.5 | 6.5 | 9y ago | A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11704 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11703 | medium | 6.5 | 6.5 | 9y ago | A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11683 | medium | 6.5 | 6.5 | 9y ago | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |
| CVE-2017-11644 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. | |
| CVE-2017-11640 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | |
| CVE-2017-11639 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in Mag… | |
| CVE-2017-11613 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not chec… | |
| CVE-2017-8919 | medium | 6.5 | 6.5 | 9y ago | NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password informat… | |
| CVE-2017-11457 | medium | 6.5 | 6.5 | 9y ago | XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attac… | |
| CVE-2017-11327 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/cont… | |
| CVE-2017-11608 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11605 | medium | 6.5 | 6.5 | 9y ago | There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11540 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | |
| CVE-2017-11539 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. | |
| CVE-2017-11538 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. | |
| CVE-2017-11537 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel… | |
| CVE-2017-11536 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. | |
| CVE-2017-11535 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. | |
| CVE-2017-11534 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. | |
| CVE-2017-11533 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | |
| CVE-2017-11532 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. | |
| CVE-2017-11531 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. | |
| CVE-2017-11530 | medium | 6.5 | 6.5 | 9y ago | The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |
| CVE-2017-11529 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-11528 | medium | 6.5 | 6.5 | 9y ago | The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-11527 | medium | 6.5 | 6.5 | 9y ago | The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |
| CVE-2017-11526 | medium | 6.5 | 6.5 | 9y ago | The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted f… | |
| CVE-2017-11525 | medium | 6.5 | 6.5 | 9y ago | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |
| CVE-2017-11524 | medium | 6.5 | 6.5 | 9y ago | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a c… | |
| CVE-2017-11523 | medium | 6.5 | 6.5 | 9y ago | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the e… | |
| CVE-2017-11522 | medium | 6.5 | 6.5 | 9y ago | The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-1374 | medium | 6.5 | 6.5 | 9y ago | Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | |
| CVE-2017-11505 | medium | 6.5 | 6.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malform… | |
| CVE-2017-7060 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to c… | |
| CVE-2017-7011 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the … | |
| CVE-2017-2517 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |
| CVE-2017-11478 | medium | 6.5 | 6.5 | 9y ago | The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ma… | |
| CVE-2017-1219 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information … | |
| CVE-2017-11448 | medium | 6.5 | 6.5 | 9y ago | The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |
| CVE-2017-11447 | medium | 6.5 | 6.5 | 9y ago | The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | |
| CVE-2017-11446 | medium | 6.5 | 6.5 | 9y ago | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | |
| CVE-2017-9340 | medium | 6.5 | 6.5 | 9y ago | An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | |
| CVE-2017-7947 | medium | 6.5 | 6.5 | 9y ago | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on … | |
| CVE-2017-7532 | medium | 6.5 | 6.5 | 9y ago | Moodle Improper Privilege Management | |
| CVE-2017-2642 | medium | 6.5 | 6.5 | 9y ago | Moodle User fullname disclosure on user preferences page | |
| CVE-2017-3100 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address di… | |
| CVE-2017-3080 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosur… | |
| CVE-2017-2240 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |
| CVE-2017-11360 | medium | 6.5 | 6.5 | 9y ago | The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | |
| CVE-2017-11352 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-91… | |
| CVE-2017-11340 | medium | 6.5 | 6.5 | 9y ago | There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11339 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11338 | medium | 6.5 | 6.5 | 9y ago | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11337 | medium | 6.5 | 6.5 | 9y ago | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11336 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-0196 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Inform… | |
| CVE-2017-1308 | medium | 6.5 | 6.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force … | |
| CVE-2017-1285 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.… | |
| CVE-2017-11189 | medium | 6.5 | 6.5 | 9y ago | unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code … | |
| CVE-2017-8611 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerabil… | |
| CVE-2017-8602 | medium | 6.5 | 6.5 | 9y ago | Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |
| CVE-2017-8599 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security… | |
| CVE-2017-8592 | medium | 6.5 | 6.5 | 9y ago | Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server … | |
| CVE-2017-8587 | medium | 6.5 | 6.5 | 9y ago | Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability whe… | |
| CVE-2017-0170 | medium | 6.5 | 6.5 | 9y ago | Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2… | |
| CVE-2017-11166 | medium | 6.5 | 6.5 | 9y ago | The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the heade… | |
| CVE-2017-11141 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageEx… | |
| CVE-2017-8442 | medium | 6.5 | 6.5 | 9y ago | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL k… | |
| CVE-2017-4999 | medium | 6.5 | 6.5 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… | |
| CVE-2017-10973 | medium | 6.5 | 6.5 | 9y ago | In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | |
| CVE-2017-1236 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 | |
| CVE-2017-10972 | medium | 6.5 | 6.5 | 9y ago | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X serve… | |
| CVE-2017-8420 | medium | 6.5 | 6.5 | 9y ago | SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malforme… | |
| CVE-2017-1258 | medium | 6.5 | 6.5 | 9y ago | IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | |
| CVE-2017-10923 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. | |
| CVE-2017-10919 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. | |
| CVE-2017-10911 | medium | 6.5 | 6.5 | 9y ago | The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memor… | |
| CVE-2017-10803 | medium | 6.5 | 6.5 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr… | |
| CVE-2017-6704 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attack… | |
| CVE-2017-10796 | medium | 6.5 | 6.5 | 9y ago | On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | |
| CVE-2017-10792 | medium | 6.5 | 6.5 | 9y ago | There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert … | |
| CVE-2017-10791 | medium | 6.5 | 6.5 | 9y ago | There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SP… | |
| CVE-2017-2298 | medium | 6.5 | 6.5 | 9y ago | The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an … | |
| CVE-2017-8443 | medium | 6.5 | 6.5 | 9y ago | In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters crede… | |
| CVE-2017-10669 | medium | 6.5 | 6.5 | 9y ago | Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages mus… | |
| CVE-2017-6036 | medium | 6.5 | 6.5 | 9y ago | A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently veri… | |
| CVE-2017-6030 | medium | 6.5 | 6.5 | 9y ago | A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior … |