Latest CVE Feed
-
10.0
HIGHCVE-2017-3081
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-3079
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-3078
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-3077
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-3076
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-3075
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7679
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.... Read more
Affected Products : http_server- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.... Read more
Affected Products : http_server- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-3745
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including adm... Read more
Affected Products : xclarity_administrator- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-3744
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command d... Read more
Affected Products : system_x3100_m4 system_x3250_m4 system_x3300_m4 system_x3500_m4 system_x3530_m4 system_x3550_m4 system_x3630_m4 system_x3650_m4 system_x3650_m4_hd system_x3750_m4 +37 more products- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-3743
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine,... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-3216
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password chang... Read more
Affected Products : ox350_firmware bm2022_firmware hes-309m_firmware hes-319m_firmware hes-319m2w_firmware hes-339m_firmware soho_wireless_router_firmware ox-330p_firmware max218m_firmware max218m1w_firmware +18 more products- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-3215
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.... Read more
Affected Products : one-key- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-3214
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.... Read more
- Published: Jun. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9763
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, rela... Read more
Affected Products : radare2- Published: Jun. 19, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-9762
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.... Read more
Affected Products : radare2- Published: Jun. 19, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-9761
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.... Read more
Affected Products : radare2- Published: Jun. 19, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-1000379
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.... Read more
Affected Products : linux_kernel- Published: Jun. 19, 2017
- Modified: Apr. 20, 2025