CVEs from 2017
- Total: 11,615
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9083 | medium | 6.5 | 6.5 | 9y ago | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation … | |||
| CVE-2017-7433 | medium | 6.5 | 6.5 | 9y ago | An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr… | |||
| CVE-2017-4012 | medium | 6.5 | 6.5 | 9y ago | Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP re… | |||
| CVE-2017-9025 | medium | 6.5 | 6.5 | 9y ago | Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HT… | |||
| CVE-2017-7479 | medium | 6.5 | 6.5 | 9y ago | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | |||
| CVE-2017-5655 | medium | 6.5 | 6.5 | 9y ago | In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the ho… | |||
| CVE-2017-0064 | medium | 6.5 | 6.5 | 9y ago | A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." | |||
| CVE-2017-7472 | medium | 5.5 | 6.5 | 9y ago | The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring cal… | |||
| CVE-2017-6865 | medium | 6.5 | 6.5 | 9y ago | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS… | |||
| CVE-2017-2681 | medium | 6.5 | 6.5 | 9y ago | Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to re… | |||
| CVE-2017-2680 | medium | 6.5 | 6.5 | 9y ago | Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the sys… | |||
| CVE-2017-8878 | medium | 6.5 | 6.5 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | |||
| CVE-2017-8877 | medium | 6.5 | 6.5 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | |||
| CVE-2017-8875 | medium | 6.5 | 6.5 | 9y ago | CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | |||
| CVE-2017-5527 | medium | 6.5 | 6.5 | 9y ago | TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier cont… | |||
| CVE-2017-8848 | medium | 6.5 | 6.5 | 9y ago | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | |||
| CVE-2017-8830 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8765 | medium | 6.5 | 6.5 | 9y ago | The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. | |||
| CVE-2017-8458 | medium | 6.5 | 6.5 | 9y ago | Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.exampl… | |||
| CVE-2017-7216 | medium | 6.5 | 6.5 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. | |||
| CVE-2017-8112 | medium | 6.5 | 6.5 | 9y ago | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | |||
| CVE-2017-8086 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors inv… | |||
| CVE-2017-7440 | medium | 6.5 | 6.5 | 9y ago | Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjackin… | |||
| CVE-2017-8401 | medium | 6.5 | 6.5 | 9y ago | In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attacke… | |||
| CVE-2017-6564 | medium | 6.5 | 6.5 | 9y ago | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This … | |||
| CVE-2017-8365 | medium | 6.5 | 6.5 | 9y ago | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||
| CVE-2017-8363 | medium | 6.5 | 6.5 | 9y ago | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||
| CVE-2017-8362 | medium | 6.5 | 6.5 | 9y ago | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||
| CVE-2017-8357 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8356 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8355 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8354 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8353 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8352 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8351 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8350 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8349 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8348 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8347 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8346 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8345 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8344 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8343 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8327 | medium | 6.5 | 6.5 | 9y ago | The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image. | |||
| CVE-2017-7644 | medium | 6.5 | 6.5 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging inco… | |||
| CVE-2017-2098 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-2090 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-8219 | medium | 6.5 | 6.5 | 9y ago | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||
| CVE-2017-7989 | medium | 6.5 | 6.5 | 9y ago | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||
| CVE-2017-3592 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Payables component of Oracle E-Business Suite (subcomponent: Self Service Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5… | |||
| CVE-2017-3577 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). The supported version that is affected is 9.2. Easily "exploitable" … | |||
| CVE-2017-3571 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily "exploitable" vuln… | |||
| CVE-2017-3570 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eSettlements). The supported version that is affected is 9.1. Easily "exploitable" vulnerability… | |||
| CVE-2017-3568 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing and Login). Supported versions that are affected are 5.4.0… | |||
| CVE-2017-3534 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.2, 12.… | |||
| CVE-2017-3525 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM Service Procurement component of Oracle PeopleSoft Products (subcomponent: Usability). The supported version that is affected is 9.2. Easily "exploitabl… | |||
| CVE-2017-3524 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products (subcomponent: Bidder Registration). The supported version that is affected is 9.2. Easily "e… | |||
| CVE-2017-3522 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection component of Oracle PeopleSoft Products (subcomponent: Vendor). The supported version that is affected is 9.2. Easily "exploitable"… | |||
| CVE-2017-3521 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). The supported version that is affected is 9.2. Easily "exploit… | |||
| CVE-2017-3520 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable"… | |||
| CVE-2017-3517 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily "exploitable" vulner… | |||
| CVE-2017-3491 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |||
| CVE-2017-3488 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3… | |||
| CVE-2017-3453 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. … | |||
| CVE-2017-3452 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows l… | |||
| CVE-2017-3331 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low priv… | |||
| CVE-2017-8100 | medium | 6.5 | 6.5 | 9y ago | There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | |||
| CVE-2017-8098 | medium | 6.5 | 6.5 | 9y ago | e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plu… | |||
| CVE-2017-1000358 | medium | 6.5 | 6.5 | 9y ago | Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is af… | |||
| CVE-2017-2333 | medium | 6.5 | 6.5 | 9y ago | A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to… | |||
| CVE-2017-2326 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to … | |||
| CVE-2017-2325 | medium | 6.5 | 6.5 | 9y ago | A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading… | |||
| CVE-2017-2318 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integr… | |||
| CVE-2017-2316 | medium | 6.5 | 6.5 | 9y ago | A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading… | |||
| CVE-2017-2312 | medium | 6.5 | 6.5 | 9y ago | On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for … | |||
| CVE-2017-8082 | medium | 6.5 | 6.5 | 9y ago | concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving … | |||
| CVE-2017-7994 | medium | 6.5 | 6.5 | 9y ago | The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF… | |||
| CVE-2017-6614 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file… | |||
| CVE-2017-4969 | medium | 6.5 | 6.5 | 9y ago | The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | |||
| CVE-2017-7943 | medium | 6.5 | 6.5 | 9y ago | The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7942 | medium | 6.5 | 6.5 | 9y ago | The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7941 | medium | 6.5 | 6.5 | 9y ago | The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7700 | medium | 6.5 | 6.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring… | |||
| CVE-2017-0211 | medium | 5.5 | 6.5 | 9y ago | An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when … | |||
| CVE-2017-0207 | medium | 6.5 | 6.5 | 9y ago | Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2017-0167 | medium | 5.5 | 6.5 | 9y ago | An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory… | |||
| CVE-2017-5672 | medium | 6.5 | 6.5 | 9y ago | Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||
| CVE-2017-7646 | medium | 6.5 | 6.5 | 9y ago | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | |||
| CVE-2017-7606 | medium | 6.5 | 6.5 | 9y ago | coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service … | |||
| CVE-2017-7589 | medium | 6.5 | 6.5 | 9y ago | In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON obj… | |||
| CVE-2017-6603 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted syste… | |||
| CVE-2017-3884 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The att… | |||
| CVE-2017-0886 | medium | 6.5 | 6.5 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the applicat… | |||
| CVE-2017-2671 | medium | 5.5 | 6.5 | 9y ago | The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which al… | |||
| CVE-2017-2489 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from… | |||
| CVE-2017-2486 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the addr… | |||
| CVE-2017-2453 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime… | |||
| CVE-2017-2424 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows r… | |||
| CVE-2017-2418 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the C… | |||
| CVE-2017-2388 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointe… |