CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2351 CVE-2017-11420 119 Exec Code Overflow 2017-07-18 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.
2352 CVE-2017-11402 20 Bypass 2017-11-20 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift.
2353 CVE-2017-11396 2017-09-22 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
2354 CVE-2017-11394 20 Exec Code 2017-08-03 2017-10-13
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
2355 CVE-2017-11393 20 Exec Code 2017-08-03 2017-08-05
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
2356 CVE-2017-11361 269 2017-07-17 2019-10-02
9.0
Admin Remote Low Single system Complete Complete Complete
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
2357 CVE-2017-11351 798 2017-09-13 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.
2358 CVE-2017-11344 119 Exec Code Overflow 2017-07-17 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.
2359 CVE-2017-11308 119 Exec Code Overflow 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2360 CVE-2017-11307 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2361 CVE-2017-11306 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2362 CVE-2017-11302 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
2363 CVE-2017-11295 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
2364 CVE-2017-11294 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
2365 CVE-2017-11293 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
2366 CVE-2017-11274 416 Exec Code 2017-08-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
2367 CVE-2017-11271 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution.
2368 CVE-2017-11270 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.
2369 CVE-2017-11269 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.
2370 CVE-2017-11268 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.
2371 CVE-2017-11267 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.
2372 CVE-2017-11262 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution.
2373 CVE-2017-11261 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.
2374 CVE-2017-11260 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.
2375 CVE-2017-11259 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
2376 CVE-2017-11257 704 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
2377 CVE-2017-11256 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.
2378 CVE-2017-11253 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2379 CVE-2017-11251 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.
2380 CVE-2017-11250 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2381 CVE-2017-11241 119 Exec Code Overflow 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution.
2382 CVE-2017-11240 125 Exec Code 2018-05-19 2018-06-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2383 CVE-2017-11237 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution.
2384 CVE-2017-11235 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution.
2385 CVE-2017-11234 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.
2386 CVE-2017-11231 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution.
2387 CVE-2017-11228 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
2388 CVE-2017-11227 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
2389 CVE-2017-11226 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
2390 CVE-2017-11225 416 Exec Code Mem. Corr. +Info 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
2391 CVE-2017-11224 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
2392 CVE-2017-11223 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution.
2393 CVE-2017-11222 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.
2394 CVE-2017-11221 704 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution.
2395 CVE-2017-11220 119 Exec Code Overflow 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution.
2396 CVE-2017-11219 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.
2397 CVE-2017-11218 416 Exec Code 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution.
2398 CVE-2017-11216 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution.
2399 CVE-2017-11215 416 Exec Code Mem. Corr. +Info 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
2400 CVE-2017-11214 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.