CVEs from 2017
- Total: 11,657
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10919 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. | |||
| CVE-2017-10911 | medium | 6.5 | 6.5 | 9y ago | The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memor… | |||
| CVE-2017-6704 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attack… | |||
| CVE-2017-10796 | medium | 6.5 | 6.5 | 9y ago | On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | |||
| CVE-2017-10792 | medium | 6.5 | 6.5 | 9y ago | There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert … | |||
| CVE-2017-10791 | medium | 6.5 | 6.5 | 9y ago | There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SP… | |||
| CVE-2017-2298 | medium | 6.5 | 6.5 | 9y ago | The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an … | |||
| CVE-2017-8443 | medium | 6.5 | 6.5 | 9y ago | In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters crede… | |||
| CVE-2017-10669 | medium | 6.5 | 6.5 | 9y ago | Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages mus… | |||
| CVE-2017-6036 | medium | 6.5 | 6.5 | 9y ago | A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently veri… | |||
| CVE-2017-6030 | medium | 6.5 | 6.5 | 9y ago | A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior … | |||
| CVE-2017-5529 | medium | 6.5 | 6.5 | 9y ago | JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affec… | |||
| CVE-2017-1310 | medium | 6.5 | 6.5 | 9y ago | IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts … | |||
| CVE-2017-9998 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | |||
| CVE-2017-9989 | medium | 6.5 | 6.5 | 9y ago | util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | |||
| CVE-2017-9988 | medium | 6.5 | 6.5 | 9y ago | The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |||
| CVE-2017-7522 | medium | 6.5 | 6.5 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | |||
| CVE-2017-9937 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. | |||
| CVE-2017-9869 | medium | 5.5 | 6.5 | 9y ago | The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application cr… | |||
| CVE-2017-1193 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||
| CVE-2017-1131 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | |||
| CVE-2017-9775 | medium | 6.5 | 6.5 | 9y ago | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||
| CVE-2017-9815 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function … | |||
| CVE-2017-2829 | medium | 6.5 | 6.5 | 9y ago | An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request… | |||
| CVE-2017-9130 | medium | 5.5 | 6.5 | 9y ago | The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted… | |||
| CVE-2017-9129 | medium | 5.5 | 6.5 | 9y ago | The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file. | |||
| CVE-2017-3744 | medium | 6.5 | 6.5 | 9y ago | In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated… | |||
| CVE-2017-8545 | medium | 6.5 | 6.5 | 9y ago | A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize HTML properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". | |||
| CVE-2017-8534 | medium | 6.5 | 6.5 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-8533 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-8532 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-8531 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2… | |||
| CVE-2017-8529 | medium | 6.5 | 6.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's compu… | |||
| CVE-2017-8469 | medium | 5.5 | 6.5 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an… | |||
| CVE-2017-9463 | medium | 6.5 | 6.5 | 9y ago | The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context … | |||
| CVE-2017-5697 | medium | 6.5 | 6.5 | 9y ago | Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remot… | |||
| CVE-2017-6697 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. … | |||
| CVE-2017-6691 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd2940… | |||
| CVE-2017-6673 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More I… | |||
| CVE-2017-6655 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio… | |||
| CVE-2017-4974 | medium | 6.5 | 6.5 | 9y ago | Blind SQL Injection with privileged Cloud Foundry UAA endpoints | |||
| CVE-2017-8834 | medium | 6.5 | 6.5 | 9y ago | The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | |||
| CVE-2017-2165 | medium | 6.5 | 6.5 | 9y ago | GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | |||
| CVE-2017-4905 | medium | 5.5 | 6.5 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch … | |||
| CVE-2017-9501 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9500 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9499 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9461 | medium | 6.5 | 6.5 | 9y ago | smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling sym… | |||
| CVE-2017-9440 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9439 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9416 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | |||
| CVE-2017-9409 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9408 | medium | 6.5 | 6.5 | 9y ago | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9407 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9406 | medium | 6.5 | 6.5 | 9y ago | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9405 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9404 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9403 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-0896 | medium | 6.5 | 6.5 | 9y ago | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite ot… | |||
| CVE-2017-9378 | medium | 6.5 | 6.5 | 9y ago | BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have… | |||
| CVE-2017-7999 | medium | 6.5 | 6.5 | 9y ago | Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | |||
| CVE-2017-9307 | medium | 6.5 | 6.5 | 9y ago | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |||
| CVE-2017-8782 | medium | 6.5 | 6.5 | 9y ago | The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This … | |||
| CVE-2017-2308 | medium | 6.5 | 6.5 | 9y ago | An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | |||
| CVE-2017-9295 | medium | 6.5 | 6.5 | 9y ago | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | |||
| CVE-2017-9287 | medium | 6.5 | 6.5 | 9y ago | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged … | |||
| CVE-2017-9263 | medium | 6.5 | 6.5 | 9y ago | In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` i… | |||
| CVE-2017-9262 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9261 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8537 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8536 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8535 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-9239 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage wi… | |||
| CVE-2017-9216 | medium | 6.5 | 6.5 | 9y ago | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will c… | |||
| CVE-2017-9207 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image,… | |||
| CVE-2017-9206 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image,… | |||
| CVE-2017-9205 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, relat… | |||
| CVE-2017-9204 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, relat… | |||
| CVE-2017-9203 | medium | 6.5 | 6.5 | 9y ago | imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. | |||
| CVE-2017-9202 | medium | 6.5 | 6.5 | 9y ago | imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |||
| CVE-2017-9201 | medium | 6.5 | 6.5 | 9y ago | imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |||
| CVE-2017-8379 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generati… | |||
| CVE-2017-9150 | medium | 5.5 | 6.5 | 9y ago | The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which all… | |||
| CVE-2017-9144 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | |||
| CVE-2017-9143 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | |||
| CVE-2017-9142 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||
| CVE-2017-9141 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function … | |||
| CVE-2017-6982 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2017-2511 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |||
| CVE-2017-2509 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-2495 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a de… | |||
| CVE-2017-6637 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected syste… | |||
| CVE-2017-6636 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. T… | |||
| CVE-2017-6635 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected syste… | |||
| CVE-2017-9116 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. | |||
| CVE-2017-9114 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | |||
| CVE-2017-9112 | medium | 6.5 | 6.5 | 9y ago | OpenEXR invalid read | |||
| CVE-2017-9110 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. | |||
| CVE-2017-9094 | medium | 6.5 | 6.5 | 9y ago | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |||
| CVE-2017-9093 | medium | 6.5 | 6.5 | 9y ago | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. |