Latest CVE Feed
-
9.8
CRITICALCVE-2017-8798
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.... Read more
- EPSS Score: %21.50
- Published: May. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-8013
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". A... Read more
Affected Products : data_protection_advisor- EPSS Score: %1.38
- Published: Mar. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7925
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HC... Read more
- EPSS Score: %78.95
- Published: May. 06, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7902
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 ... Read more
- EPSS Score: %0.04
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7899
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; ... Read more
- EPSS Score: %3.54
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7862
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.... Read more
Affected Products : ffmpeg- EPSS Score: %1.66
- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7614
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash... Read more
Affected Products : binutils- EPSS Score: %0.46
- Published: Apr. 09, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7129
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remot... Read more
- EPSS Score: %1.73
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7123
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified... Read more
- EPSS Score: %0.79
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities t... Read more
Affected Products : drupal- EPSS Score: %0.66
- Published: Jan. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-6886
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.... Read more
Affected Products : libraw- EPSS Score: %0.58
- Published: May. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6747
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assign... Read more
Affected Products : identity_services_engine- EPSS Score: %2.25
- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6350
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.... Read more
Affected Products : vim- EPSS Score: %0.77
- Published: Feb. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5460
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox... Read more
- EPSS Score: %2.02
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5441
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.... Read more
- EPSS Score: %2.02
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5440
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This v... Read more
- EPSS Score: %2.02
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5402
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.... Read more
- EPSS Score: %2.66
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().... Read more
Affected Products : tcpdump- EPSS Score: %0.93
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-4907
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.... Read more
- EPSS Score: %1.99
- Published: Jun. 08, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-2428
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It al... Read more
- EPSS Score: %0.73
- Published: Apr. 02, 2017
- Modified: Apr. 20, 2025