Security Vulnerabilities - CVEs Published In 2017
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2017-12-27
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2017-12-27
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2017-12-27
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2017-12-27
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
CVSS Score: 6.5
EPSS Score: 0.089
Published: 2017-12-27
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2017-12-27
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.
CVSS Score: 7.8
EPSS Score: 0.017
Published: 2017-12-27
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2017-12-27
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
CVSS Score: 9.8
EPSS Score: 0.027
Published: 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVSS Score: 4.3
EPSS Score: 0.005
Published: 2017-12-27

