CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2017-3030 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.
702 CVE-2017-3029 119 Overflow 2017-04-12 2017-07-11
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.
703 CVE-2017-3028 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.
704 CVE-2017-3027 416 Exec Code 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.
705 CVE-2017-3026 416 Exec Code 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.
706 CVE-2017-3025 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.
707 CVE-2017-3024 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution.
708 CVE-2017-3023 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.
709 CVE-2017-3022 125 2017-04-12 2017-07-11
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.
710 CVE-2017-3021 125 2017-04-12 2017-07-11
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.
711 CVE-2017-3020 119 Overflow 2017-04-12 2017-07-11
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.
712 CVE-2017-3019 125 Exec Code Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.
713 CVE-2017-3018 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.
714 CVE-2017-3017 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.
715 CVE-2017-3015 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.
716 CVE-2017-3014 416 Exec Code 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.
717 CVE-2017-3013 427 2017-04-12 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.
718 CVE-2017-3012 427 2017-04-12 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.
719 CVE-2017-3011 190 Exec Code Overflow 2017-04-12 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.
720 CVE-2017-3008 79 XSS 2017-04-27 2020-05-15
4.3
None Remote Medium Not required None Partial None
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.
721 CVE-2017-3007 426 2017-04-12 2017-04-20
4.6
None Local Low Not required Partial Partial Partial
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
722 CVE-2017-3006 732 2017-04-12 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
723 CVE-2017-3005 428 2017-04-12 2019-05-10
7.2
None Local Low Not required Complete Complete Complete
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.
724 CVE-2017-3004 119 Exec Code Overflow Mem. Corr. 2017-04-12 2019-05-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution.
725 CVE-2017-2989 20 Bypass 2017-04-12 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.
726 CVE-2017-2806 125 2017-04-20 2017-04-26
4.3
None Remote Medium Not required Partial None None
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400
727 CVE-2017-2784 295 Exec Code 2017-04-20 2017-07-01
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
728 CVE-2017-2675 2017-04-06 2020-11-09
4.6
None Local Low Not required Partial Partial Partial
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
729 CVE-2017-2671 DoS 2017-04-05 2019-10-03
4.9
None Local Low Not required None None Complete
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
730 CVE-2017-2490 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
731 CVE-2017-2489 200 +Info 2017-04-02 2017-08-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
732 CVE-2017-2487 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
733 CVE-2017-2486 425 2017-04-02 2019-10-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
734 CVE-2017-2485 416 DoS Exec Code Mem. Corr. 2017-04-02 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file.
735 CVE-2017-2484 2017-04-02 2019-10-03
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.
736 CVE-2017-2483 119 Exec Code Overflow 2017-04-02 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
737 CVE-2017-2482 119 Exec Code Overflow 2017-04-02 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
738 CVE-2017-2481 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
739 CVE-2017-2480 200 Bypass +Info 2017-04-02 2017-08-16
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
740 CVE-2017-2479 20 Bypass +Info 2017-04-02 2019-03-19
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
741 CVE-2017-2478 362 Exec Code 2017-04-02 2019-03-08
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
742 CVE-2017-2477 119 DoS Overflow Mem. Corr. 2017-04-02 2017-04-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
743 CVE-2017-2476 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
744 CVE-2017-2475 79 XSS 2017-04-02 2019-03-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
745 CVE-2017-2474 Exec Code 2017-04-02 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.
746 CVE-2017-2473 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
747 CVE-2017-2472 416 DoS Exec Code 2017-04-02 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
748 CVE-2017-2471 416 Exec Code 2017-04-02 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
749 CVE-2017-2470 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
750 CVE-2017-2469 119 DoS Exec Code Overflow Mem. Corr. 2017-04-02 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Total number of vulnerabilities : 1574   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.