CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2601 CVE-2017-2935 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
2602 CVE-2017-2934 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
2603 CVE-2017-2933 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
2604 CVE-2017-2932 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
2605 CVE-2017-2931 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
2606 CVE-2017-2930 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
2607 CVE-2017-2928 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
2608 CVE-2017-2927 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
2609 CVE-2017-2926 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
2610 CVE-2017-2925 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
2611 CVE-2017-2917 78 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
2612 CVE-2017-2916 59 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.
2613 CVE-2017-2890 78 2017-11-07 2017-11-27
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.
2614 CVE-2017-2883 264 Exec Code 2017-11-07 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
2615 CVE-2017-2872 264 Exec Code 2018-09-17 2018-11-21
9.0
None Remote Low Single system Complete Complete Complete
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
2616 CVE-2017-2866 78 2017-11-07 2017-11-27
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
2617 CVE-2017-2857 119 Overflow 2018-09-17 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
2618 CVE-2017-2856 119 Overflow 2018-09-17 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
2619 CVE-2017-2855 119 Overflow 2018-09-19 2018-11-21
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
2620 CVE-2017-2854 119 Overflow 2018-09-17 2018-12-13
9.3
None Remote Medium Not required Complete Complete Complete
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
2621 CVE-2017-2832 78 2018-04-24 2018-06-05
9.0
None Remote Low Single system Complete Complete Complete
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
2622 CVE-2017-2788 119 Exec Code Overflow 2017-03-10 2017-03-13
10.0
None Remote Low Not required Complete Complete Complete
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.
2623 CVE-2017-2787 119 Exec Code Overflow 2017-03-10 2017-03-13
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.
2624 CVE-2017-2785 119 Exec Code Overflow 2017-03-10 2017-03-13
10.0
None Remote Low Not required Complete Complete Complete
An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.
2625 CVE-2017-2768 287 2017-02-03 2017-07-24
10.0
None Remote Low Not required Complete Complete Complete
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.
2626 CVE-2017-2767 287 Exec Code 2017-02-03 2017-07-24
10.0
None Remote Low Not required Complete Complete Complete
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
2627 CVE-2017-2741 284 Exec Code 2018-01-23 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
2628 CVE-2017-2729 119 Exec Code Overflow 2017-11-22 2017-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.
2629 CVE-2017-2726 119 Exec Code Overflow 2017-11-22 2017-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.
2630 CVE-2017-2725 119 Exec Code Overflow 2017-11-22 2017-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.
2631 CVE-2017-2724 119 Exec Code Overflow 2017-11-22 2017-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.
2632 CVE-2017-2716 119 Overflow 2017-11-22 2017-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone, causing a system crash or privilege escalation.
2633 CVE-2017-2698 119 Overflow 2017-11-22 2017-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.
2634 CVE-2017-2697 119 Overflow 2017-11-22 2017-12-12
9.3
None Remote Medium Not required Complete Complete Complete
The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier versions has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.
2635 CVE-2017-2696 119 Overflow 2017-11-22 2017-12-12
9.3
None Remote Medium Not required Complete Complete Complete
The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.
2636 CVE-2017-2652 264 2018-07-27 2018-09-21
9.0
None Remote Low Single system Complete Complete Complete
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
2637 CVE-2017-2637 306 2018-07-26 2018-10-02
10.0
None Remote Low Not required Complete Complete Complete
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
2638 CVE-2017-2620 125 Exec Code 2018-07-27 2018-09-07
9.0
None Remote Low Single system Complete Complete Complete
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
2639 CVE-2017-2615 125 Exec Code 2018-07-02 2018-09-07
9.0
None Remote Low Single system Complete Complete Complete
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
2640 CVE-2017-2548 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2641 CVE-2017-2546 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2642 CVE-2017-2545 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2643 CVE-2017-2543 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2644 CVE-2017-2542 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2645 CVE-2017-2541 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2646 CVE-2017-2537 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2647 CVE-2017-2503 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2648 CVE-2017-2494 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2649 CVE-2017-2490 119 DoS Exec Code Overflow Mem. Corr. 2017-04-01 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2650 CVE-2017-2485 416 DoS Exec Code Mem. Corr. 2017-04-01 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.