CVEs from 2017
- Total: 11,610
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0313 | high | 7.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un… | |||
| CVE-2017-0312 | high | 7.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit … | |||
| CVE-2017-3813 | high | 7.8 | 8.8 | 9y ago | A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th… | |||
| CVE-2017-0412 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-0411 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-5329 | high | 7.8 | 8.8 | 10y ago | Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | |||
| CVE-2017-7922 | high | 7.6 | 8.6 | 9y ago | An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to se… | |||
| CVE-2017-15667 | high | 7.5 | 8.5 | 9y ago | In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. | |||
| CVE-2017-17876 | high | 7.5 | 8.5 | 9y ago | Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||
| CVE-2017-17692 | high | 7.5 | 8.5 | 9y ago | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the … | |||
| CVE-2017-17088 | high | 7.5 | 8.5 | 9y ago | The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header … | |||
| CVE-2017-17738 | high | 7.5 | 8.5 | 9y ago | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | |||
| CVE-2017-17593 | high | 7.5 | 8.5 | 9y ago | Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | |||
| CVE-2017-17538 | high | 7.5 | 8.5 | 9y ago | MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | |||
| CVE-2017-11918 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine … | |||
| CVE-2017-11914 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction | |||
| CVE-2017-11911 | high | 7.5 | 8.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11909 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to remote code execution | |||
| CVE-2017-11907 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11903 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11893 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to remote code execution | |||
| CVE-2017-11890 | high | 7.5 | 8.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker… | |||
| CVE-2017-17090 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP … | |||
| CVE-2017-16953 | high | 7.5 | 8.5 | 9y ago | connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET requ… | |||
| CVE-2017-17085 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | |||
| CVE-2017-17058 | high | 7.5 | 8.5 | 9y ago | The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a … | |||
| CVE-2017-16944 | high | 7.5 | 8.5 | 9y ago | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com… | |||
| CVE-2017-16902 | high | 7.5 | 8.5 | 9y ago | On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | |||
| CVE-2017-16894 | high | 7.5 | 8.5 | 9y ago | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav… | |||
| CVE-2017-1000170 | high | 7.5 | 8.5 | 9y ago | jqueryFileTree vulnerable to Directory Traversal | |||
| CVE-2017-11873 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to ho… | |||
| CVE-2017-11870 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to privilege escalation when writing to JavaScript null scope objects | |||
| CVE-2017-11861 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engin… | |||
| CVE-2017-11855 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2… | |||
| CVE-2017-11841 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11840 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11839 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engi… | |||
| CVE-2017-16806 | high | 7.5 | 8.5 | 9y ago | The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||
| CVE-2017-16249 | high | 7.5 | 8.5 | 9y ago | The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with … | |||
| CVE-2017-16642 | high | 7.5 | 8.5 | 9y ago | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to … | |||
| CVE-2017-15921 | high | 7.5 | 8.5 | 9y ago | In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc… | |||
| CVE-2017-15920 | high | 7.5 | 8.5 | 9y ago | In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc… | |||
| CVE-2017-15956 | high | 7.5 | 8.5 | 9y ago | ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | |||
| CVE-2017-15647 | high | 7.5 | 8.5 | 9y ago | On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||
| CVE-2017-11811 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11810 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-11809 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11802 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11799 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11793 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-15236 | high | 7.5 | 8.5 | 9y ago | Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config… | |||
| CVE-2017-15235 | high | 7.5 | 8.5 | 9y ago | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fi… | |||
| CVE-2017-5637 | high | 7.5 | 8.5 | 9y ago | Uncontrolled Resource Consumption in Apache ZooKeeper | |||
| CVE-2017-13068 | high | 7.5 | 8.5 | 9y ago | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack… | |||
| CVE-2017-14087 | high | 7.5 | 8.5 | 9y ago | A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali… | |||
| CVE-2017-14086 | high | 7.5 | 8.5 | 9y ago | Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl… | |||
| CVE-2017-14083 | high | 7.5 | 8.5 | 9y ago | A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||
| CVE-2017-15035 | high | 7.5 | 8.5 | 9y ago | EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash). | |||
| CVE-2017-14496 | high | 7.5 | 8.5 | 9y ago | multiple issues in dnsmasq | |||
| CVE-2017-14495 | high | 7.5 | 8.5 | 9y ago | multiple issues in dnsmasq | |||
| CVE-2017-14680 | high | 7.5 | 8.5 | 9y ago | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | |||
| CVE-2017-7924 | high | 7.5 | 8.5 | 9y ago | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s… | |||
| CVE-2017-8770 | high | 7.5 | 8.5 | 9y ago | There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | |||
| CVE-2017-9798 | high | 7.5 | 8.5 | 9y ago | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb… | |||
| CVE-2017-8755 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting eng… | |||
| CVE-2017-8751 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft… | |||
| CVE-2017-8740 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in… | |||
| CVE-2017-8734 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-8731 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses object… | |||
| CVE-2017-8729 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in… | |||
| CVE-2017-11764 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scri… | |||
| CVE-2017-14335 | high | 7.5 | 8.5 | 9y ago | On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | |||
| CVE-2017-0901 | high | 7.5 | 8.5 | 9y ago | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||
| CVE-2017-11662 | high | 7.5 | 8.5 | 9y ago | The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-11661 | high | 7.5 | 8.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-8671 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser … | |||
| CVE-2017-8670 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaSc… | |||
| CVE-2017-8657 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser … | |||
| CVE-2017-8656 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaSc… | |||
| CVE-2017-8646 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript… | |||
| CVE-2017-8645 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript… | |||
| CVE-2017-8641 | high | 7.5 | 8.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8640 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser Java… | |||
| CVE-2017-8636 | high | 7.5 | 8.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8635 | high | 7.5 | 8.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8634 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content whe… | |||
| CVE-2017-11155 | high | 7.5 | 8.5 | 9y ago | An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||
| CVE-2017-11152 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||
| CVE-2017-9415 | high | 7.5 | 8.5 | 9y ago | Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change password… | |||
| CVE-2017-11469 | high | 7.5 | 8.5 | 9y ago | get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||
| CVE-2017-11456 | high | 7.5 | 8.5 | 9y ago | Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | |||
| CVE-2017-9812 | high | 7.5 | 8.5 | 9y ago | The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.31… | |||
| CVE-2017-1000028 | high | 7.5 | 8.5 | 9y ago | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP G… | |||
| CVE-2017-8618 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 In… | |||
| CVE-2017-8601 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fa… | |||
| CVE-2017-8594 | high | 7.5 | 8.5 | 9y ago | Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improp… | |||
| CVE-2017-10974 | high | 7.5 | 8.5 | 9y ago | Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protec… | |||
| CVE-2017-10688 | high | 7.5 | 8.5 | 9y ago | In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-9833 | high | 7.5 | 8.5 | 9y ago | /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a … | |||
| CVE-2017-9675 | high | 7.5 | 8.5 | 9y ago | On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. |