CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6526 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi PO… | |||
| CVE-2017-6558 | critical | 9.8 | 10.0 | 9y ago | iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router… | |||
| CVE-2017-6548 | critical | 9.8 | 10.0 | 9y ago | Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-A… | |||
| CVE-2017-6416 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a … | |||
| CVE-2017-6187 | critical | 9.8 | 10.0 | 9y ago | Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||
| CVE-2017-5586 | critical | 9.8 | 10.0 | 9y ago | OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons C… | |||
| CVE-2017-6095 | critical | 9.8 | 10.0 | 9y ago | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. | |||
| CVE-2017-5344 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query e… | |||
| CVE-2017-5162 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. | |||
| CVE-2017-5145 | critical | 10.0 | 10.0 | 9y ago | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vuln… | |||
| CVE-2017-5941 | critical | 9.8 | 10.0 | 9y ago | Code Execution through IIFE in node-serialize | |||
| CVE-2017-3791 | critical | 10.0 | 10.0 | 10y ago | A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability … | |||
| CVE-2017-3324 | critical | 10.0 | 10.0 | 10y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8… | |||
| CVE-2017-3248 | critical | 9.8 | 10.0 | 10y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. … | |||
| CVE-2017-3241 | critical | 9.0 | 10.0 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u… | |||
| CVE-2017-10272 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi… | |||
| CVE-2017-10404 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily e… | |||
| CVE-2017-10396 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.… | |||
| CVE-2017-10352 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12… | |||
| CVE-2017-12251 | critical | 9.9 | 9.9 | 9y ago | A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) op… | |||
| CVE-2017-13706 | critical | 9.9 | 9.9 | 9y ago | XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information,… | |||
| CVE-2017-12822 | critical | 9.9 | 9.9 | 9y ago | Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | |||
| CVE-2017-10202 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacke… | |||
| CVE-2017-1253 | critical | 9.9 | 9.9 | 9y ago | IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerabilit… | |||
| CVE-2017-8220 | critical | 9.9 | 9.9 | 9y ago | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP P… | |||
| CVE-2017-3553 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerabili… | |||
| CVE-2017-3503 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that a… | |||
| CVE-2017-6513 | critical | 9.9 | 9.9 | 9y ago | The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by V… | |||
| CVE-2017-1000116 | critical | 9.8 | 9.8 | 4y ago | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | |||
| CVE-2017-17458 | critical | 9.8 | 9.8 | 4y ago | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the rep… | |||
| CVE-2017-7550 | critical | 9.8 | 9.8 | 4y ago | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor… | |||
| CVE-2017-10906 | critical | 9.8 | 9.8 | 4y ago | Fluentd Escape Sequence Injection Vulnerability | |||
| CVE-2017-2096 | critical | 9.8 | 9.8 | 4y ago | smalruby and smalruby-editor vulnerable to OS Command Injection | |||
| CVE-2017-14851 | critical | 9.8 | 9.8 | 7y ago | A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELEC… | |||
| CVE-2017-14728 | critical | 9.8 | 9.8 | 7y ago | An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force a… | |||
| CVE-2017-0906 | critical | 9.8 | 9.8 | 8y ago | The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result … | |||
| CVE-2017-0889 | critical | 9.8 | 9.8 | 9y ago | paperclip Server-Side Request Forgery vulnerability | |||
| CVE-2017-17992 | critical | 9.8 | 9.8 | 9y ago | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | |||
| CVE-2017-17974 | critical | 9.8 | 9.8 | 9y ago | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_s… | |||
| CVE-2017-17959 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | |||
| CVE-2017-17957 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | |||
| CVE-2017-17951 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | |||
| CVE-2017-5641 | critical | 9.8 | 9.8 | 9y ago | Apache Flex BlazeDS unsafe deserialization | |||
| CVE-2017-9944 | critical | 9.8 | 9.8 | 9y ago | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticat… | |||
| CVE-2017-17931 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | |||
| CVE-2017-17928 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | |||
| CVE-2017-17906 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | |||
| CVE-2017-17900 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL injection vulnerability in fourn/index.php | |||
| CVE-2017-17899 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL injection vulnerability in adherents/subscription/info.php | |||
| CVE-2017-17897 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL injection vulnerability in comm/multiprix.php | |||
| CVE-2017-17895 | critical | 9.8 | 9.8 | 9y ago | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||
| CVE-2017-17892 | critical | 9.8 | 9.8 | 9y ago | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | |||
| CVE-2017-17878 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" settin… | |||
| CVE-2017-17877 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless ad… | |||
| CVE-2017-17033 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t… | |||
| CVE-2017-17032 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t… | |||
| CVE-2017-17031 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t… | |||
| CVE-2017-17030 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to e… | |||
| CVE-2017-17029 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to e… | |||
| CVE-2017-17028 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote atta… | |||
| CVE-2017-17027 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to exec… | |||
| CVE-2017-17821 | critical | 9.8 | 9.8 | 9y ago | WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other im… | |||
| CVE-2017-6094 | critical | 9.8 | 9.8 | 9y ago | CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a cert… | |||
| CVE-2017-16725 | critical | 9.8 | 9.8 | 9y ago | A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identifie… | |||
| CVE-2017-17794 | critical | 9.8 | 9.8 | 9y ago | validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. | |||
| CVE-2017-17790 | critical | 9.8 | 9.8 | 9y ago | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|… | |||
| CVE-2017-17779 | critical | 9.8 | 9.8 | 9y ago | Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | |||
| CVE-2017-17777 | critical | 9.8 | 9.8 | 9y ago | Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | |||
| CVE-2017-17107 | critical | 9.8 | 9.8 | 9y ago | Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to acces… | |||
| CVE-2017-17106 | critical | 9.8 | 9.8 | 9y ago | Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerabil… | |||
| CVE-2017-15877 | critical | 9.8 | 9.8 | 9y ago | Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | |||
| CVE-2017-15875 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | |||
| CVE-2017-17735 | critical | 9.8 | 9.8 | 9y ago | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | |||
| CVE-2017-17734 | critical | 9.8 | 9.8 | 9y ago | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | |||
| CVE-2017-17733 | critical | 9.8 | 9.8 | 9y ago | Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. | |||
| CVE-2017-17731 | critical | 9.8 | 9.8 | 9y ago | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | |||
| CVE-2017-17730 | critical | 9.8 | 9.8 | 9y ago | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | |||
| CVE-2017-17717 | critical | 9.8 | 9.8 | 9y ago | Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | |||
| CVE-2017-17713 | critical | 9.8 | 9.8 | 9y ago | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter,… | |||
| CVE-2017-3192 | critical | 9.8 | 9.8 | 9y ago | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 e… | |||
| CVE-2017-3191 | critical | 9.8 | 9.8 | 9y ago | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login … | |||
| CVE-2017-3186 | critical | 9.8 | 9.8 | 9y ago | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a dev… | |||
| CVE-2017-3185 | critical | 9.8 | 9.8 | 9y ago | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such… | |||
| CVE-2017-3184 | critical | 9.8 | 9.8 | 9y ago | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit… | |||
| CVE-2017-10904 | critical | 9.8 | 9.8 | 9y ago | Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-17701 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. | |||
| CVE-2017-17700 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | |||
| CVE-2017-17699 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. | |||
| CVE-2017-14101 | critical | 9.8 | 9.8 | 9y ago | A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change H… | |||
| CVE-2017-17671 | critical | 9.8 | 9.8 | 9y ago | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify … | |||
| CVE-2017-11899 | critical | 9.8 | 9.8 | 9y ago | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, a… | |||
| CVE-2017-16684 | critical | 9.8 | 9.8 | 9y ago | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | |||
| CVE-2017-15940 | critical | 9.8 | 9.8 | 9y ago | The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to… | |||
| CVE-2017-15708 | critical | 9.8 | 9.8 | 9y ago | Remote Code Execution in Apache Synapse | |||
| CVE-2017-17499 | critical | 9.8 | 9.8 | 9y ago | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |||
| CVE-2017-17484 | critical | 9.8 | 9.8 | 9y ago | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote a… | |||
| CVE-2017-3114 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co… | |||
| CVE-2017-3112 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co… | |||
| CVE-2017-16398 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-11304 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. |