All CVEs — 2017 (Page 3/103)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2017-12-21

Medium

CVE-2017-0304

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact t…

CVSS: 5.4 CWE: CWE-89

Critical

CVE-2017-17033

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t…

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2017-17032

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2017-17031

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2017-17030

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to e…

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2017-17029

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2017-17028

A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote atta…

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2017-17027

A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to exec…

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2015-7224

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host…

CVSS: 9.8 CWE: CWE-287

Medium

CVE-2015-4100

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Author…

CVSS: 6.8 CWE: CWE-295

Critical

CVE-2017-17411

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exis…

CVSS: 9.8 CWE: CWE-78

High

CVE-2017-17410

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t…

CVSS: 8.8 CWE: CWE-787

High

CVE-2017-17409

CVSS: 8.8 CWE: CWE-190

High

CVE-2017-17408

CVSS: 8.8 CWE: CWE-190

High

CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within…

CVSS: 8.8 CWE: CWE-20

Medium

CVE-2017-17830

Bus Booking Script has CSRF via admin/new_master.php.

CVSS: 6.8 CWE: CWE-352

High

CVE-2017-17829

Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.

CVSS: 7.2 CWE: CWE-89

Medium

CVE-2017-17828

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.

CVSS: 4.8 CWE: CWE-79

High

CVE-2017-17827

Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin use…

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2017-17826

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can e…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2017-17825

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit…

CVSS: 4.8 CWE: CWE-79

Medium

CVE-2017-17824

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the…

CVSS: 4.9 CWE: CWE-89

Medium

CVE-2017-17823

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne…

CVSS: 4.9 CWE: CWE-89

Medium

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS…

CVSS: 4.9 CWE: CWE-89

Critical

CVE-2017-17821

WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other im…

CVSS: 9.8 CWE: CWE-119

Medium

CVE-2017-17820

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.

CVSS: 5.5 CWE: CWE-416

Medium

CVE-2017-17819

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with…

CVSS: 5.5 CWE: CWE-476

High

CVE-2017-17818

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

CVSS: 7.5 CWE: CWE-125

Medium

CVE-2017-17817

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

CVSS: 5.5 CWE: CWE-416

Medium

CVE-2017-17816

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

CVSS: 5.5 CWE: CWE-416

Medium

CVE-2017-17815

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relations…

CVSS: 5.5 CWE: CWE-754

Medium

CVE-2017-17814

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

CVSS: 5.5 CWE: CWE-416

Medium

CVE-2017-17813

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syn…

CVSS: 5.5 CWE: CWE-416

Medium

CVE-2017-17812

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

CVSS: 5.5 CWE: CWE-125

Medium

CVE-2017-17811

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to…

CVSS: 5.5 CWE: CWE-119

Medium

CVE-2017-17810

In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of…

CVSS: 5.5 CWE: CWE-20

2017-12-20

High

CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the argum…

CVSS: 7.8 CWE: CWE-426

Low

CVE-2017-17807

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing…

CVSS: 3.3 CWE: CWE-862

High

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_A…

CVSS: 7.8 CWE: CWE-787

High

CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYP…

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14385

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior t…

CVSS: 7.5 CWE: CWE-119

High

CVE-2017-5263

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session token…

CVSS: 8.0 CWE: CWE-352

High

CVE-2017-5262

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.

CVSS: 8.0 CWE: CWE-200

High

CVE-2017-5261

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to…

CVSS: 8.8 CWE: CWE-472

High

CVE-2017-5260

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco…

CVSS: 8.8 CWE: CWE-472

High

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sysc…

CVSS: 8.8 CWE: CWE-489

Medium

CVE-2017-5258

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2017-5257

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2017-5256

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and tho…

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-5255

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-…

CVSS: 8.8 CWE: CWE-78

High

CVE-2017-5254

In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di…

CVSS: 8.8 CWE: CWE-284

Medium

CVE-2011-4955

Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2012-2576

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote at…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2017-6094

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a cert…

CVSS: 9.8 CWE: CWE-200

Medium

CVE-2017-17747

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

CVSS: 6.5 CWE: CWE-306

Medium

CVE-2017-17746

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authenticati…

CVSS: 6.8 CWE: CWE-306

Medium

CVE-2017-17745

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2017-16735

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CVSS: 5.3 CWE: CWE-89

Medium

CVE-2017-16733

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information…

CVSS: 5.3 CWE: CWE-89

High

CVE-2017-16731

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentic…

CVSS: 8.8 CWE: CWE-523

Critical

CVE-2017-16725

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identifie…

CVSS: 9.8 CWE: CWE-119

High

CVE-2017-16717

A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVSS: 8.6 CWE: CWE-122

High

CVE-2017-1757

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in…

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2017-1751

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th…

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-1746

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from…

CVSS: 8.8 CWE: CWE-352

High

CVE-2017-1696

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to…

CVSS: 8.8 CWE: CWE-20

High

CVE-2017-1694

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.

CVSS: 8.1 CWE: CWE-319

High

CVE-2017-1631

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2017-1600

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-1598

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.

CVSS: 7.5 CWE: CWE-327

Medium

CVE-2017-1596

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2017-1595

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2017-15532

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stor…

CVSS: 5.7 CWE: CWE-22

High

CVE-2017-14969

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.

CVSS: 7.8 CWE: CWE-787

High

CVE-2017-14968

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14967

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14966

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0.

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14965

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc.

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14964

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14963

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-14962

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-171…

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2017-1494

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2017-1423

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.

CVSS: 5.3 CWE: CWE-200

Low

CVE-2017-1270

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki…

CVSS: 3.3 CWE: CWE-384

Medium

CVE-2017-1266

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

CVSS: 5.4 CWE: CWE-732

Medium

CVE-2017-1262

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo…

CVSS: 6.1 CWE: CWE-113

Low

CVE-2017-1261

IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.

CVSS: 3.3 CWE: CWE-200

Medium

CVE-2017-1257

IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2017-12072

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id par…

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-17476

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequent…

CVSS: 8.8 CWE: CWE-200

Medium

CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privil…

CVSS: 6.5 CWE: CWE-617

Medium

CVE-2017-17752

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.…

CVSS: 6.1 CWE: CWE-79

High

CVE-2017-4943

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low p…

CVSS: 7.8 CWE: CWE-787

High

CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2017-4940

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-sit…

CVSS: 6.1 CWE: CWE-79

High

CVE-2017-4933

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap ov…

CVSS: 8.8 CWE: CWE-787

Medium

CVE-2017-16589

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in tha…

CVSS: 6.5 CWE: CWE-125

Medium

CVE-2017-16588

CVSS: 6.5 CWE: CWE-125

High

CVE-2017-16587

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta…

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-16586

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-16585

CVSS: 8.8 CWE: CWE-416

Medium

CVE-2017-16584

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in tha…

CVSS: 6.5 CWE: CWE-125

High

CVE-2017-16583

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-16582

CVSS: 8.8 CWE: CWE-843

High

CVE-2017-16581

CVSS: 8.8 CWE: CWE-416

Medium

CVE-2017-16580

CVSS: 6.5 CWE: CWE-125

Medium

CVE-2017-16579

CVSS: 6.5 CWE: CWE-125

High

CVE-2017-16578

CVSS: 8.8 CWE: CWE-843

High

CVE-2017-16577

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta…

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-16576

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-16575

CVSS: 8.8 CWE: CWE-416

Medium

CVE-2017-16574

CVSS: 6.5 CWE: CWE-125

Medium

CVE-2017-16573

CVSS: 6.5 CWE: CWE-125

High

CVE-2017-16572

CVSS: 8.8 CWE: CWE-843

High

CVE-2017-16571

CVSS: 8.8 CWE: CWE-843

High

CVE-2017-14837

CVSS: 8.8 CWE: CWE-843

High

CVE-2017-14836

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target m…

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-14835

CVSS: 8.8 CWE: CWE-843

High

CVE-2017-14834

CVSS: 8.8 CWE: CWE-416

High

CVE-2017-14833

CVSS: 8.8 CWE: CWE-416