CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2788 | critical | 10.0 | 10.0 | 9y ago | A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buf… | |||
| CVE-2017-2785 | critical | 10.0 | 10.0 | 9y ago | An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a he… | |||
| CVE-2017-6465 | critical | 9.8 | 10.0 | 9y ago | Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leadin… | |||
| CVE-2017-6526 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi PO… | |||
| CVE-2017-6558 | critical | 9.8 | 10.0 | 9y ago | iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router… | |||
| CVE-2017-6548 | critical | 9.8 | 10.0 | 9y ago | Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-A… | |||
| CVE-2017-6416 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a … | |||
| CVE-2017-6187 | critical | 9.8 | 10.0 | 9y ago | Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||
| CVE-2017-5586 | critical | 9.8 | 10.0 | 9y ago | OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons C… | |||
| CVE-2017-6095 | critical | 9.8 | 10.0 | 9y ago | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. | |||
| CVE-2017-5344 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query e… | |||
| CVE-2017-5162 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. | |||
| CVE-2017-5145 | critical | 10.0 | 10.0 | 9y ago | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vuln… | |||
| CVE-2017-5941 | critical | 9.8 | 10.0 | 9y ago | Code Execution through IIFE in node-serialize | |||
| CVE-2017-3791 | critical | 10.0 | 10.0 | 10y ago | A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability … | |||
| CVE-2017-3324 | critical | 10.0 | 10.0 | 10y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8… | |||
| CVE-2017-3248 | critical | 9.8 | 10.0 | 10y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. … | |||
| CVE-2017-3241 | critical | 9.0 | 10.0 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u… | |||
| CVE-2017-10272 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi… | |||
| CVE-2017-10404 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily e… | |||
| CVE-2017-10396 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.… | |||
| CVE-2017-10352 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12… | |||
| CVE-2017-12251 | critical | 9.9 | 9.9 | 9y ago | A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) op… | |||
| CVE-2017-13706 | critical | 9.9 | 9.9 | 9y ago | XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information,… | |||
| CVE-2017-12822 | critical | 9.9 | 9.9 | 9y ago | Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | |||
| CVE-2017-10202 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacke… | |||
| CVE-2017-1253 | critical | 9.9 | 9.9 | 9y ago | IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerabilit… | |||
| CVE-2017-8220 | critical | 9.9 | 9.9 | 9y ago | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP P… | |||
| CVE-2017-3553 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerabili… | |||
| CVE-2017-3503 | critical | 9.9 | 9.9 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that a… | |||
| CVE-2017-6513 | critical | 9.9 | 9.9 | 9y ago | The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by V… | |||
| CVE-2017-17095 | high | 8.8 | 9.8 | 3y ago | RHSA-2025:4658: libtiff security update (Moderate) | |||
| CVE-2017-1000116 | critical | 9.8 | 9.8 | 4y ago | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | |||
| CVE-2017-17458 | critical | 9.8 | 9.8 | 4y ago | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the rep… | |||
| CVE-2017-7550 | critical | 9.8 | 9.8 | 4y ago | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor… | |||
| CVE-2017-2096 | critical | 9.8 | 9.8 | 4y ago | smalruby and smalruby-editor vulnerable to OS Command Injection | |||
| CVE-2017-10906 | critical | 9.8 | 9.8 | 4y ago | Fluentd Escape Sequence Injection Vulnerability | |||
| CVE-2017-14851 | critical | 9.8 | 9.8 | 7y ago | A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELEC… | |||
| CVE-2017-14728 | critical | 9.8 | 9.8 | 7y ago | An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force a… | |||
| CVE-2017-0906 | critical | 9.8 | 9.8 | 8y ago | The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result … | |||
| CVE-2017-0889 | critical | 9.8 | 9.8 | 9y ago | paperclip Server-Side Request Forgery vulnerability | |||
| CVE-2017-17992 | critical | 9.8 | 9.8 | 9y ago | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | |||
| CVE-2017-17974 | critical | 9.8 | 9.8 | 9y ago | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_s… | |||
| CVE-2017-17959 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | |||
| CVE-2017-17957 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | |||
| CVE-2017-17951 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | |||
| CVE-2017-5641 | critical | 9.8 | 9.8 | 9y ago | Apache Flex BlazeDS unsafe deserialization | |||
| CVE-2017-9944 | critical | 9.8 | 9.8 | 9y ago | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticat… | |||
| CVE-2017-17931 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | |||
| CVE-2017-17928 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | |||
| CVE-2017-17906 | critical | 9.8 | 9.8 | 9y ago | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | |||
| CVE-2017-17900 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL injection vulnerability in fourn/index.php | |||
| CVE-2017-17899 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL injection vulnerability in adherents/subscription/info.php | |||
| CVE-2017-17897 | critical | 9.8 | 9.8 | 9y ago | Dolibarr SQL injection vulnerability in comm/multiprix.php | |||
| CVE-2017-17895 | critical | 9.8 | 9.8 | 9y ago | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||
| CVE-2017-17892 | critical | 9.8 | 9.8 | 9y ago | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | |||
| CVE-2017-17878 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" settin… | |||
| CVE-2017-17877 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless ad… | |||
| CVE-2017-17874 | high | 8.8 | 9.8 | 9y ago | Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | |||
| CVE-2017-17033 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t… | |||
| CVE-2017-17032 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t… | |||
| CVE-2017-17031 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t… | |||
| CVE-2017-17030 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to e… | |||
| CVE-2017-17029 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to e… | |||
| CVE-2017-17028 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote atta… | |||
| CVE-2017-17027 | critical | 9.8 | 9.8 | 9y ago | A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to exec… | |||
| CVE-2017-17821 | critical | 9.8 | 9.8 | 9y ago | WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other im… | |||
| CVE-2017-5261 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to … | |||
| CVE-2017-5260 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco… | |||
| CVE-2017-5259 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sysc… | |||
| CVE-2017-5255 | high | 8.8 | 9.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-… | |||
| CVE-2017-5254 | high | 8.8 | 9.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di… | |||
| CVE-2017-6094 | critical | 9.8 | 9.8 | 9y ago | CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a cert… | |||
| CVE-2017-16725 | critical | 9.8 | 9.8 | 9y ago | A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identifie… | |||
| CVE-2017-17794 | critical | 9.8 | 9.8 | 9y ago | validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. | |||
| CVE-2017-17790 | critical | 9.8 | 9.8 | 9y ago | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|… | |||
| CVE-2017-17779 | critical | 9.8 | 9.8 | 9y ago | Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | |||
| CVE-2017-17777 | critical | 9.8 | 9.8 | 9y ago | Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | |||
| CVE-2017-15049 | high | 8.8 | 9.8 | 9y ago | The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary… | |||
| CVE-2017-15048 | high | 8.8 | 9.8 | 9y ago | Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handle… | |||
| CVE-2017-17107 | critical | 9.8 | 9.8 | 9y ago | Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to acces… | |||
| CVE-2017-17106 | critical | 9.8 | 9.8 | 9y ago | Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerabil… | |||
| CVE-2017-15877 | critical | 9.8 | 9.8 | 9y ago | Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | |||
| CVE-2017-15875 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | |||
| CVE-2017-17735 | critical | 9.8 | 9.8 | 9y ago | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | |||
| CVE-2017-17734 | critical | 9.8 | 9.8 | 9y ago | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | |||
| CVE-2017-17733 | critical | 9.8 | 9.8 | 9y ago | Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. | |||
| CVE-2017-17731 | critical | 9.8 | 9.8 | 9y ago | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | |||
| CVE-2017-17730 | critical | 9.8 | 9.8 | 9y ago | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | |||
| CVE-2017-17717 | critical | 9.8 | 9.8 | 9y ago | Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | |||
| CVE-2017-17713 | critical | 9.8 | 9.8 | 9y ago | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter,… | |||
| CVE-2017-3192 | critical | 9.8 | 9.8 | 9y ago | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 e… | |||
| CVE-2017-3191 | critical | 9.8 | 9.8 | 9y ago | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login … | |||
| CVE-2017-3186 | critical | 9.8 | 9.8 | 9y ago | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a dev… | |||
| CVE-2017-3185 | critical | 9.8 | 9.8 | 9y ago | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such… | |||
| CVE-2017-3184 | critical | 9.8 | 9.8 | 9y ago | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit… | |||
| CVE-2017-10904 | critical | 9.8 | 9.8 | 9y ago | Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-17701 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. | |||
| CVE-2017-17700 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | |||
| CVE-2017-17699 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. |