| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
601 |
CVE-2017-8678 |
200 |
|
+Info |
2017-09-12 |
2017-09-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. |
|
602 |
CVE-2017-8677 |
200 |
|
+Info |
2017-09-12 |
2017-09-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. |
|
603 |
CVE-2017-8676 |
200 |
|
+Info |
2017-09-12 |
2017-09-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." |
|
604 |
CVE-2017-8668 |
200 |
|
+Info |
2017-08-08 |
2017-08-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability". |
|
605 |
CVE-2017-8666 |
200 |
|
+Info |
2017-08-08 |
2017-08-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability". |
|
606 |
CVE-2017-8637 |
284 |
|
Bypass |
2017-08-08 |
2017-08-14 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability". |
|
607 |
CVE-2017-8575 |
200 |
|
+Info |
2017-06-29 |
2017-07-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability." |
|
608 |
CVE-2017-8564 |
200 |
|
+Info |
2017-07-11 |
2017-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability". |
|
609 |
CVE-2017-8557 |
611 |
|
|
2017-07-11 |
2017-09-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". |
|
610 |
CVE-2017-8544 |
200 |
|
+Info |
2017-06-14 |
2017-06-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". |
|
611 |
CVE-2017-8493 |
254 |
|
Bypass |
2017-06-14 |
2017-07-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". |
|
612 |
CVE-2017-8469 |
200 |
|
+Info |
2017-06-14 |
2017-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
613 |
CVE-2017-8445 |
295 |
|
|
2017-08-18 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. |
|
614 |
CVE-2017-8418 |
254 |
|
|
2017-05-02 |
2017-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. |
|
615 |
CVE-2017-8391 |
200 |
|
+Info |
2017-05-05 |
2017-07-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. |
|
616 |
CVE-2017-8372 |
20 |
|
DoS |
2017-04-30 |
2018-05-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. |
|
617 |
CVE-2017-8360 |
200 |
|
+Info |
2017-05-12 |
2017-07-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. |
|
618 |
CVE-2017-8301 |
254 |
|
|
2017-04-27 |
2017-05-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. |
|
619 |
CVE-2017-8281 |
362 |
|
|
2017-09-21 |
2017-12-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. |
|
620 |
CVE-2017-8173 |
264 |
|
Bypass |
2017-11-22 |
2017-12-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. |
|
621 |
CVE-2017-8154 |
284 |
|
|
2018-04-11 |
2018-05-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes. |
|
622 |
CVE-2017-8118 |
200 |
|
+Info |
2017-11-22 |
2017-12-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
|
623 |
CVE-2017-8109 |
200 |
|
+Info |
2017-04-25 |
2017-05-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). |
|
624 |
CVE-2017-8071 |
404 |
|
DoS |
2017-04-23 |
2017-04-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. |
|
625 |
CVE-2017-8001 |
255 |
|
|
2017-11-28 |
2017-12-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. |
|
626 |
CVE-2017-7967 |
119 |
|
Overflow Mem. Corr. |
2017-05-09 |
2017-05-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol. |
|
627 |
CVE-2017-7849 |
264 |
|
DoS |
2017-04-19 |
2017-04-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. |
|
628 |
CVE-2017-7768 |
200 |
|
+Priv Bypass +Info |
2018-06-11 |
2018-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. |
|
629 |
CVE-2017-7767 |
264 |
|
|
2018-06-11 |
2018-08-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. |
|
630 |
CVE-2017-7718 |
125 |
|
DoS |
2017-04-20 |
2018-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. |
|
631 |
CVE-2017-7616 |
388 |
|
+Info |
2017-04-10 |
2018-06-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. |
|
632 |
CVE-2017-7519 |
134 |
|
|
2018-07-27 |
2018-11-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. |
|
633 |
CVE-2017-7495 |
200 |
|
+Info |
2017-05-15 |
2017-09-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. |
|
634 |
CVE-2017-7418 |
59 |
|
Bypass |
2017-04-04 |
2017-04-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. |
|
635 |
CVE-2017-7407 |
200 |
|
+Info |
2017-04-03 |
2018-11-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. |
|
636 |
CVE-2017-7377 |
399 |
|
DoS |
2017-04-10 |
2018-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. |
|
637 |
CVE-2017-7305 |
284 |
|
|
2017-04-04 |
2017-04-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs. |
|
638 |
CVE-2017-7150 |
284 |
|
Bypass |
2017-10-22 |
2017-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. |
|
639 |
CVE-2017-7149 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value. |
|
640 |
CVE-2017-7143 |
200 |
|
+Info |
2017-10-22 |
2017-10-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness. |
|
641 |
CVE-2017-7139 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action. |
|
642 |
CVE-2017-7138 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. |
|
643 |
CVE-2017-7113 |
200 |
|
Bypass +Info |
2017-11-12 |
2017-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event. |
|
644 |
CVE-2017-7082 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts. |
|
645 |
CVE-2017-7075 |
200 |
|
+Info |
2018-04-03 |
2018-05-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. |
|
646 |
CVE-2017-7058 |
200 |
|
+Info |
2017-07-20 |
2017-07-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen. |
|
647 |
CVE-2017-7006 |
361 |
|
Bypass +Info |
2017-07-20 |
2017-10-15 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. |
|
648 |
CVE-2017-6911 |
254 |
|
|
2017-03-23 |
2018-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack. |
|
649 |
CVE-2017-6883 |
200 |
|
DoS Exec Code +Info |
2017-03-14 |
2017-03-15 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. |
|
650 |
CVE-2017-6726 |
200 |
|
+Info |
2017-07-10 |
2017-07-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1. |
