CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16921 | high | 8.8 | 9.8 | 9y ago | In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete… | |||
| CVE-2017-15889 | high | 8.8 | 9.8 | 9y ago | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | |||
| CVE-2017-7851 | high | 8.8 | 9.8 | 9y ago | D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | |||
| CVE-2017-13802 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13798 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13797 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13796 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13795 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13794 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13792 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13791 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13785 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13784 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13783 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-12969 | high | 8.8 | 9.8 | 9y ago | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or exe… | |||
| CVE-2017-16570 | high | 8.8 | 9.8 | 9y ago | Cross-Site Request Forgery (CSRF) in keystone | |||
| CVE-2017-16524 | high | 8.8 | 9.8 | 9y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar… | |||
| CVE-2017-16542 | high | 8.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||
| CVE-2017-16352 | high | 8.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. … | |||
| CVE-2017-16244 | high | 8.8 | 9.8 | 9y ago | October CMS CSRF | |||
| CVE-2017-7411 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha… | |||
| CVE-2017-15957 | high | 8.8 | 9.8 | 9y ago | my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |||
| CVE-2017-15879 | high | 8.8 | 9.8 | 9y ago | Keystone is vulnerable to CSV injection | |||
| CVE-2017-13772 | high | 8.8 | 9.8 | 9y ago | Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRp… | |||
| CVE-2017-15808 | high | 8.8 | 9.8 | 9y ago | In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | |||
| CVE-2017-7117 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-15735 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | |||
| CVE-2017-15734 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |||
| CVE-2017-15730 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | |||
| CVE-2017-15645 | high | 8.8 | 9.8 | 9y ago | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | |||
| CVE-2017-15595 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via… | |||
| CVE-2017-15578 | high | 8.8 | 9.8 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||
| CVE-2017-15276 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15013 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15012 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack… | |||
| CVE-2017-1000117 | high | 8.8 | 9.8 | 9y ago | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc… | |||
| CVE-2017-6090 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2017-14848 | high | 8.8 | 9.8 | 9y ago | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | |||
| CVE-2017-14758 | high | 8.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.… | |||
| CVE-2017-14757 | high | 8.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down… | |||
| CVE-2017-14847 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14846 | high | 8.8 | 9.8 | 9y ago | Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14845 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14844 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||
| CVE-2017-14843 | high | 8.8 | 9.8 | 9y ago | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14842 | high | 8.8 | 9.8 | 9y ago | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14840 | high | 8.8 | 9.8 | 9y ago | TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||
| CVE-2017-14839 | high | 8.8 | 9.8 | 9y ago | TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |||
| CVE-2017-14838 | high | 8.8 | 9.8 | 9y ago | TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||
| CVE-2017-14704 | high | 8.8 | 9.8 | 9y ago | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code … | |||
| CVE-2017-12929 | high | 8.8 | 9.8 | 9y ago | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | |||
| CVE-2017-0781 | high | 8.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | |||
| CVE-2017-8682 | high | 8.8 | 9.8 | 9y ago | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20… | |||
| CVE-2017-13713 | high | 8.8 | 9.8 | 9y ago | T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | |||
| CVE-2017-11567 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to… | |||
| CVE-2017-12763 | high | 8.8 | 9.8 | 9y ago | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | |||
| CVE-2017-12970 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts… | |||
| CVE-2017-11610 | high | 8.8 | 9.8 | 9y ago | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC req… | |||
| CVE-2017-6328 | high | 8.8 | 9.8 | 9y ago | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious… | |||
| CVE-2017-3106 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11741 | high | 8.8 | 9.8 | 9y ago | HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges b… | |||
| CVE-2017-10204 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-10129 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-12479 | high | 8.8 | 9.8 | 9y ago | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege use… | |||
| CVE-2017-11392 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-11391 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-7442 | high | 8.8 | 9.8 | 9y ago | Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |||
| CVE-2017-9614 | high | 8.8 | 9.8 | 9y ago | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified oth… | |||
| CVE-2017-9413 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a p… | |||
| CVE-2017-7061 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7056 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7049 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7048 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7047 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-7046 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7043 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7042 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7041 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7040 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7039 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7037 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7018 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-6320 | high | 8.8 | 9.8 | 9y ago | A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in whic… | |||
| CVE-2017-9810 | high | 8.8 | 9.8 | 9y ago | There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacke… | |||
| CVE-2017-6086 | high | 8.8 | 9.8 | 9y ago | ViMbAdmin CSRF Vulnerabilities | |||
| CVE-2017-2491 | high | 8.8 | 9.8 | 9y ago | Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. | |||
| CVE-2017-9757 | high | 8.8 | 9.8 | 9y ago | IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. | |||
| CVE-2017-0283 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-9603 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | |||
| CVE-2017-9429 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | |||
| CVE-2017-9418 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||
| CVE-2017-9462 | high | 8.8 | 9.8 | 9y ago | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||
| CVE-2017-8836 | high | 8.8 | 9.8 | 9y ago | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative inte… | |||
| CVE-2017-9380 | high | 8.8 | 9.8 | 9y ago | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||
| CVE-2017-6984 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The is… | |||
| CVE-2017-6980 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2547 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-2536 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2531 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2521 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… |