The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-2928 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2930 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2931 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2932 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2933 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2934 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2935 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2936 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2937 | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2938 | Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. | HIGH | Jan 10, 2017 |
| CVE-2017-2939 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2940 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2941 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2942 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2943 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2944 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2945 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2946 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2948 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2949 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2950 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2951 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2952 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2953 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2954 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2955 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2956 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2957 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2958 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2959 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2960 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2961 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2962 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2963 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2964 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2965 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2966 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-2967 | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution. | HIGH | Jan 10, 2017 |
| CVE-2017-5005 | Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation. | HIGH | Jan 3, 2017 |
| CVE-2017-5217 | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917. | HIGH | Jan 10, 2017 |
| CVE-2017-5340 | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | HIGH | Jan 11, 2017 |
| CVE-2012-6704 | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. | HIGH | Dec 28, 2016 |
| CVE-2014-8241 | XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | High | Dec 19, 2016 |
| CVE-2015-6574 | The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. | High | Dec 22, 2016 |
| CVE-2016-1000156 | Mailcwp remote file upload vulnerability incomplete fix v1.100 | HIGH | Dec 15, 2016 |
| CVE-2016-10037 | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | HIGH | Nov 14, 2019 |
| CVE-2016-10038 | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | HIGH | Dec 27, 2016 |
| CVE-2016-10039 | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | HIGH | Nov 14, 2019 |
| CVE-2016-2355 | SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | HIGH | Dec 22, 2016 |
| CVE-2016-3129 | A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. | HIGH | Dec 21, 2016 |
