Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17821 1 Apple 1 Safari 2018-01-10 7.5 HIGH 9.8 CRITICAL
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.
CVE-2017-17931 1 Resume Clone Script Project 1 Resume Clone Script 2018-01-10 7.5 HIGH 9.8 CRITICAL
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.
CVE-2017-17928 1 Ordermanagementscript 1 Professional Service Script 2018-01-10 7.5 HIGH 9.8 CRITICAL
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.
CVE-2015-7224 1 Puppet 1 Puppetlabs-mysql 2018-01-09 7.5 HIGH 9.8 CRITICAL
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
CVE-2017-17873 1 Vanguard Project 1 Marketplace Digital Products Php 2018-01-09 7.5 HIGH 9.8 CRITICAL
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17892 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2018-01-09 7.5 HIGH 9.8 CRITICAL
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.
CVE-2017-17906 1 Car Rental Script Project 1 Car Rental Script 2018-01-09 7.5 HIGH 9.8 CRITICAL
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
CVE-2017-17895 1 Basic Job Site Script Project 1 Basic Job Site Script 2018-01-09 7.5 HIGH 9.8 CRITICAL
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
CVE-2017-17900 1 Dolibarr 1 Dolibarr 2018-01-09 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
CVE-2017-17899 1 Dolibarr 1 Dolibarr 2018-01-09 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2017-17897 1 Dolibarr 1 Dolibarr 2018-01-09 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-17992 1 Iwcnetwork 1 Biometric Shift Employee Management System 2018-01-09 5.0 MEDIUM 9.8 CRITICAL
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
CVE-2017-17645 1 Phpautoclassifiedscript 1 Bus Booking Script 2018-01-05 7.5 HIGH 9.8 CRITICAL
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVE-2017-2928 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
CVE-2016-9537 1 Libtiff 1 Libtiff 2018-01-05 7.5 HIGH 9.8 CRITICAL
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
CVE-2016-9540 1 Libtiff 1 Libtiff 2018-01-05 7.5 HIGH 9.8 CRITICAL
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
CVE-2016-9536 1 Libtiff 1 Libtiff 2018-01-05 7.5 HIGH 9.8 CRITICAL
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
CVE-2016-9535 1 Libtiff 1 Libtiff 2018-01-05 7.5 HIGH 9.8 CRITICAL
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
CVE-2016-9534 1 Libtiff 1 Libtiff 2018-01-05 7.5 HIGH 9.8 CRITICAL
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
CVE-2016-9533 1 Libtiff 1 Libtiff 2018-01-05 7.5 HIGH 9.8 CRITICAL
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
CVE-2016-8638 1 Ipsilon Project 1 Ipsilon 2018-01-05 6.4 MEDIUM 9.1 CRITICAL
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
CVE-2016-7979 1 Artifex 1 Ghostscript 2018-01-05 7.5 HIGH 9.8 CRITICAL
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2016-7978 1 Artifex 1 Ghostscript 2018-01-05 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-7975 1 Tcpdump 1 Tcpdump 2018-01-05 7.5 HIGH 9.8 CRITICAL
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
CVE-2016-7974 1 Tcpdump 1 Tcpdump 2018-01-05 7.5 HIGH 9.8 CRITICAL
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
CVE-2016-7973 1 Tcpdump 1 Tcpdump 2018-01-05 7.5 HIGH 9.8 CRITICAL
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
CVE-2016-7129 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
CVE-2016-7127 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
CVE-2016-7124 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
CVE-2016-7117 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2018-01-05 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-8705 1 Memcached 1 Memcached 2018-01-05 7.5 HIGH 9.8 CRITICAL
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVE-2016-7020 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
CVE-2016-6983 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
CVE-2016-6296 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
CVE-2016-6295 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.
CVE-2016-6294 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
CVE-2016-6291 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
CVE-2016-6290 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
CVE-2016-6288 1 Php 1 Php 2018-01-05 7.5 HIGH 9.8 CRITICAL
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
CVE-2016-7983 1 Tcpdump 1 Tcpdump 2018-01-05 7.5 HIGH 9.8 CRITICAL
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
CVE-2017-5342 1 Tcpdump 1 Tcpdump 2018-01-05 7.5 HIGH 9.8 CRITICAL
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
CVE-2017-5341 1 Tcpdump 1 Tcpdump 2018-01-05 7.5 HIGH 9.8 CRITICAL
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
CVE-2017-2937 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2936 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2935 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2934 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2933 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2932 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2931 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2930 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-01-05 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.