CVEs from 2017
Total
11,610
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8548 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge imprope… | |||
| CVE-2017-8496 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, ak… | |||
| CVE-2017-7314 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available. | |||
| CVE-2017-9353 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | |||
| CVE-2017-9347 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | |||
| CVE-2017-9024 | high | 7.5 | 8.5 | 9y ago | Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via… | |||
| CVE-2017-5177 | high | 7.5 | 8.5 | 9y ago | A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafte… | |||
| CVE-2017-7478 | high | 7.5 | 8.5 | 9y ago | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | |||
| CVE-2017-3730 | high | 7.5 | 8.5 | 9y ago | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a … | |||
| CVE-2017-8779 | high | 7.5 | 8.5 | 9y ago | denial of service in rpcbind | |||
| CVE-2017-8223 | high | 7.5 | 8.5 | 9y ago | On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. | |||
| CVE-2017-8222 | high | 7.5 | 8.5 | 9y ago | Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to o… | |||
| CVE-2017-8221 | high | 7.5 | 8.5 | 9y ago | Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote atta… | |||
| CVE-2017-3599 | high | 7.5 | 8.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploit… | |||
| CVE-2017-7456 | high | 7.5 | 8.5 | 9y ago | Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | |||
| CVE-2017-7455 | high | 7.5 | 8.5 | 9y ago | Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | |||
| CVE-2017-0202 | high | 7.5 | 8.5 | 9y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar… | |||
| CVE-2017-7185 | high | 7.5 | 8.5 | 9y ago | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows r… | |||
| CVE-2017-6190 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" r… | |||
| CVE-2017-6019 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | |||
| CVE-2017-7397 | high | 7.5 | 8.5 | 9y ago | BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This… | |||
| CVE-2017-1001000 | high | 7.5 | 8.5 | 9y ago | The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows … | |||
| CVE-2017-7285 | high | 7.5 | 8.5 | 9y ago | A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, prevent… | |||
| CVE-2017-7183 | high | 7.5 | 8.5 | 9y ago | The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. | |||
| CVE-2017-5850 | high | 7.5 | 8.5 | 9y ago | httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. | |||
| CVE-2017-7240 | high | 7.5 | 8.5 | 9y ago | An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefor… | |||
| CVE-2017-5227 | high | 7.5 | 8.5 | 9y ago | QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration… | |||
| CVE-2017-0070 | high | 7.5 | 8.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-6510 | high | 7.5 | 8.5 | 9y ago | Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. | |||
| CVE-2017-5359 | high | 7.5 | 8.5 | 9y ago | EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI. | |||
| CVE-2017-6367 | high | 7.5 | 8.5 | 9y ago | In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header. | |||
| CVE-2017-6444 | high | 7.5 | 8.5 | 9y ago | The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU… | |||
| CVE-2017-6427 | high | 7.5 | 8.5 | 9y ago | A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a… | |||
| CVE-2017-6527 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the… | |||
| CVE-2017-6552 | high | 7.5 | 8.5 | 9y ago | Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue… | |||
| CVE-2017-6104 | high | 7.5 | 8.5 | 9y ago | Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||
| CVE-2017-5982 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by … | |||
| CVE-2017-6206 | high | 7.5 | 8.5 | 9y ago | D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated I… | |||
| CVE-2017-5991 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pix… | |||
| CVE-2017-5972 | high | 7.5 | 8.5 | 9y ago | The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi… | |||
| CVE-2017-5146 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. | |||
| CVE-2017-5630 | high | 7.5 | 8.5 | 10y ago | PEAR core file overwrite vulnerability | |||
| CVE-2017-5594 | high | 7.5 | 8.5 | 10y ago | Pagekit Weak Password Recovery Mechanism for Forgotten Password | |||
| CVE-2017-15357 | high | 7.4 | 8.4 | 9y ago | The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||
| CVE-2017-6168 | high | 7.4 | 8.4 | 9y ago | On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may b… | |||
| CVE-2017-15643 | high | 7.4 | 8.4 | 9y ago | An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum … | |||
| CVE-2017-1000364 | high | 7.4 | 8.4 | 9y ago | An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this af… | |||
| CVE-2017-9355 | high | 7.4 | 8.4 | 9y ago | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist… | |||
| CVE-2017-11657 | high | 7.3 | 8.3 | 9y ago | Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | |||
| CVE-2017-1297 | high | 7.3 | 8.3 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… | |||
| CVE-2017-7180 | high | 7.3 | 8.3 | 9y ago | Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi… | |||
| CVE-2017-7358 | high | 7.3 | 8.3 | 9y ago | In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user … | |||
| CVE-2017-12636 | high | 7.2 | 8.2 | 9y ago | multiple issues in couchdb | |||
| CVE-2017-1000119 | high | 7.2 | 8.2 | 9y ago | October CMS PHP Code Execution | |||
| CVE-2017-11321 | high | 7.2 | 8.2 | 9y ago | The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | |||
| CVE-2017-11154 | high | 7.2 | 8.2 | 9y ago | Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type paramete… | |||
| CVE-2017-8912 | high | 7.2 | 8.2 | 9y ago | CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTa… | |||
| CVE-2017-6554 | high | 7.2 | 8.2 | 9y ago | pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privil… | |||
| CVE-2017-6088 | high | 7.2 | 8.2 | 9y ago | Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (… | |||
| CVE-2017-6098 | high | 7.2 | 8.2 | 9y ago | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parame… | |||
| CVE-2017-6097 | high | 7.2 | 8.2 | 9y ago | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the PO… | |||
| CVE-2017-6096 | high | 7.2 | 8.2 | 9y ago | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param… | |||
| CVE-2017-13878 | high | 7.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read res… | |||
| CVE-2017-6331 | high | 7.1 | 8.1 | 9y ago | Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that … | |||
| CVE-2017-10309 | high | 7.1 | 8.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic… | |||
| CVE-2017-1000405 | high | 7.0 | 8.0 | 9y ago | The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc… | |||
| CVE-2017-15884 | high | 7.0 | 8.0 | 9y ago | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||
| CVE-2017-1000112 | high | 7.0 | 8.0 | 9y ago | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two… | |||
| CVE-2017-9644 | high | 7.0 | 8.0 | 9y ago | An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu … | |||
| CVE-2017-10661 | high | 7.0 | 8.0 | 9y ago | Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descript… | |||
| CVE-2017-7533 | high | 7.0 | 8.0 | 9y ago | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that … | |||
| CVE-2017-6979 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2533 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in… | |||
| CVE-2017-2501 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-0214 | high | 7.0 | 8.0 | 9y ago | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 201… | |||
| CVE-2017-0569 | high | 7.0 | 8.0 | 9y ago | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-2478 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2456 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-5899 | high | 7.0 | 8.0 | 9y ago | Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a … | |||
| CVE-2017-0103 | high | 7.0 | 8.0 | 9y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi… | |||
| CVE-2017-7918 | medium | 6.8 | 7.8 | 9y ago | An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u… | |||
| CVE-2017-11823 | medium | 6.7 | 7.7 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso… | |||
| CVE-2017-6516 | medium | 6.7 | 7.7 | 9y ago | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-… | |||
| CVE-2017-7154 | medium | 6.6 | 7.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows lo… | |||
| CVE-2017-11885 | medium | 6.6 | 7.6 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |||
| CVE-2017-7938 | medium | 6.6 | 7.6 | 9y ago | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |||
| CVE-2017-16787 | medium | 6.5 | 7.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | |||
| CVE-2017-16353 | medium | 6.5 | 7.5 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p… | |||
| CVE-2017-15639 | medium | 6.5 | 7.5 | 9y ago | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | |||
| CVE-2017-15359 | medium | 6.5 | 7.5 | 9y ago | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInf… | |||
| CVE-2017-15084 | medium | 6.5 | 7.5 | 9y ago | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | |||
| CVE-2017-14841 | medium | 6.5 | 7.5 | 9y ago | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||
| CVE-2017-0785 | medium | 6.5 | 7.5 | 9y ago | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||
| CVE-2017-1130 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… | |||
| CVE-2017-1129 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… | |||
| CVE-2017-12954 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | |||
| CVE-2017-12953 | medium | 6.5 | 7.5 | 9y ago | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | |||
| CVE-2017-12952 | medium | 6.5 | 7.5 | 9y ago | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-12951 | medium | 6.5 | 7.5 | 9y ago | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft… | |||
| CVE-2017-12950 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |