CVEs from 2017
Total
11,693
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10680 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted re… | |||
| CVE-2017-10678 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | |||
| CVE-2017-2850 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftp… | |||
| CVE-2017-2849 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during N… | |||
| CVE-2017-2848 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during m… | |||
| CVE-2017-2847 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during m… | |||
| CVE-2017-2846 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during m… | |||
| CVE-2017-2845 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-2844 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" con… | |||
| CVE-2017-5528 | high | 8.8 | 8.8 | 9y ago | Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of t… | |||
| CVE-2017-9992 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote at… | |||
| CVE-2017-9990 | high | 8.8 | 8.8 | 9y ago | Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2017-6086 | high | 8.8 | 8.8 | 9y ago | ViMbAdmin CSRF Vulnerabilities | |||
| CVE-2017-2491 | high | 8.8 | 8.8 | 9y ago | Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. | |||
| CVE-2017-2843 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" c… | |||
| CVE-2017-2842 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" c… | |||
| CVE-2017-2841 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-9948 | high | 8.8 | 8.8 | 9y ago | A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. | |||
| CVE-2017-9935 | high | 8.8 | 8.8 | 9y ago | In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can… | |||
| CVE-2017-9840 | high | 8.8 | 8.8 | 9y ago | Dolibarr ERP and CRM Unsafe File Upload Vulnerability | |||
| CVE-2017-9846 | high | 8.8 | 8.8 | 9y ago | Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folde… | |||
| CVE-2017-1347 | high | 8.8 | 8.8 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |||
| CVE-2017-3629 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri… | |||
| CVE-2017-3219 | high | 8.8 | 8.8 | 9y ago | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||
| CVE-2017-3218 | high | 8.8 | 8.8 | 9y ago | Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||
| CVE-2017-9774 | high | 8.8 | 8.8 | 9y ago | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |||
| CVE-2017-2828 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-2827 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-9759 | high | 8.8 | 8.8 | 9y ago | SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | |||
| CVE-2017-8461 | high | 7.8 | 8.8 | 9y ago | Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a … | |||
| CVE-2017-9673 | high | 8.8 | 8.8 | 9y ago | In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. | |||
| CVE-2017-8528 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-8527 | high | 8.8 | 8.8 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote… | |||
| CVE-2017-8512 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8510 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8509 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-0283 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-8907 | high | 8.8 | 8.8 | 9y ago | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can… | |||
| CVE-2017-9603 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | |||
| CVE-2017-9429 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | |||
| CVE-2017-6692 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default A… | |||
| CVE-2017-6689 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Adminis… | |||
| CVE-2017-6688 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerabil… | |||
| CVE-2017-6687 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default cr… | |||
| CVE-2017-6686 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affecte… | |||
| CVE-2017-6685 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device,… | |||
| CVE-2017-6684 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulner… | |||
| CVE-2017-6683 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected syste… | |||
| CVE-2017-6682 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Inf… | |||
| CVE-2017-6659 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and … | |||
| CVE-2017-4973 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2017-4961 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum… | |||
| CVE-2017-4959 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vu… | |||
| CVE-2017-6892 | high | 8.8 | 8.8 | 9y ago | In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. | |||
| CVE-2017-9418 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||
| CVE-2017-9324 | high | 8.8 | 8.8 | 9y ago | In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain admi… | |||
| CVE-2017-2207 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2206 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2195 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-2182 | high | 8.8 | 8.8 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-217… | |||
| CVE-2017-2181 | high | 8.8 | 8.8 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-217… | |||
| CVE-2017-2179 | high | 8.8 | 8.8 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2… | |||
| CVE-2017-2178 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unsp… | |||
| CVE-2017-2177 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-9519 | high | 8.8 | 8.8 | 9y ago | atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | |||
| CVE-2017-9518 | high | 8.8 | 8.8 | 9y ago | atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | |||
| CVE-2017-9517 | high | 8.8 | 8.8 | 9y ago | atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | |||
| CVE-2017-7966 | high | 8.8 | 8.8 | 9y ago | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability ex… | |||
| CVE-2017-4904 | high | 8.8 | 8.8 | 9y ago | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402… | |||
| CVE-2017-4903 | high | 8.8 | 8.8 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without pa… | |||
| CVE-2017-4902 | high | 8.8 | 8.8 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Bu… | |||
| CVE-2017-4898 | high | 8.8 | 8.8 | 9y ago | VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. S… | |||
| CVE-2017-9449 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker c… | |||
| CVE-2017-9444 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), … | |||
| CVE-2017-9443 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modu… | |||
| CVE-2017-9442 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename pa… | |||
| CVE-2017-9437 | high | 8.8 | 8.8 | 9y ago | Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | |||
| CVE-2017-8836 | high | 8.8 | 8.8 | 9y ago | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative inte… | |||
| CVE-2017-8438 | high | 8.8 | 8.8 | 9y ago | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. … | |||
| CVE-2017-9427 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The at… | |||
| CVE-2017-9380 | high | 8.8 | 8.8 | 9y ago | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||
| CVE-2017-9379 | high | 8.8 | 8.8 | 9y ago | Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashb… | |||
| CVE-2017-9365 | high | 8.8 | 8.8 | 9y ago | CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | |||
| CVE-2017-8386 | high | 8.8 | 8.8 | 9y ago | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.… | |||
| CVE-2017-8402 | high | 8.8 | 8.8 | 9y ago | PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | |||
| CVE-2017-2306 | high | 8.8 | 8.8 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. | |||
| CVE-2017-2305 | high | 8.8 | 8.8 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allow… | |||
| CVE-2017-7917 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCe… | |||
| CVE-2017-7505 | high | 8.8 | 8.8 | 9y ago | Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted b… | |||
| CVE-2017-9033 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update… | |||
| CVE-2017-8913 | high | 8.8 | 8.8 | 9y ago | The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/se… | |||
| CVE-2017-6891 | high | 8.8 | 8.8 | 9y ago | Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a spe… | |||
| CVE-2017-9146 | high | 8.8 | 8.8 | 9y ago | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial o… | |||
| CVE-2017-4915 | high | 7.8 | 8.8 | 9y ago | VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to … | |||
| CVE-2017-6991 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute ar… | |||
| CVE-2017-6984 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The is… | |||
| CVE-2017-6983 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute ar… | |||
| CVE-2017-6980 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2547 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-2544 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |