CVEs from 2017
- Total: 11,681
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6557 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-8787 | high | 8.8 | 8.8 | 9y ago | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer o… | |||
| CVE-2017-5481 | high | 8.8 | 8.8 | 9y ago | Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | |||
| CVE-2017-8454 | high | 8.8 | 8.8 | 9y ago | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in … | |||
| CVE-2017-8453 | high | 8.8 | 8.8 | 9y ago | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in … | |||
| CVE-2017-7431 | high | 8.8 | 8.8 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | |||
| CVE-2017-8403 | high | 8.8 | 8.8 | 9y ago | 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a… | |||
| CVE-2017-8400 | high | 8.8 | 8.8 | 9y ago | In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attack… | |||
| CVE-2017-6565 | high | 8.8 | 8.8 | 9y ago | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service.… | |||
| CVE-2017-8377 | high | 8.8 | 8.8 | 9y ago | GeniXCMS SQL Injection | |||
| CVE-2017-8361 | high | 8.8 | 8.8 | 9y ago | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via… | |||
| CVE-2017-8081 | high | 8.8 | 8.8 | 9y ago | Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via ca… | |||
| CVE-2017-8326 | high | 8.8 | 8.8 | 9y ago | libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (applica… | |||
| CVE-2017-8325 | high | 8.8 | 8.8 | 9y ago | The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and … | |||
| CVE-2017-8114 | high | 8.8 | 8.8 | 9y ago | Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly rest… | |||
| CVE-2017-6250 | high | 8.8 | 8.8 | 9y ago | NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. | |||
| CVE-2017-1194 | high | 8.8 | 8.8 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user… | |||
| CVE-2017-2155 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. | |||
| CVE-2017-2149 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded w… | |||
| CVE-2017-2140 | high | 8.8 | 8.8 | 9y ago | Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | |||
| CVE-2017-2128 | high | 8.8 | 8.8 | 9y ago | Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||
| CVE-2017-2125 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability in CentreCOM AR260S V2 allows remote authenticated attackers to gain privileges via the guest account. | |||
| CVE-2017-2113 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmwar… | |||
| CVE-2017-2112 | high | 8.8 | 8.8 | 9y ago | TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and … | |||
| CVE-2017-2102 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of admini… | |||
| CVE-2017-2097 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2017-6037 | high | 8.8 | 8.8 | 9y ago | A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run… | |||
| CVE-2017-6035 | high | 8.8 | 8.8 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when… | |||
| CVE-2017-7293 | high | 7.8 | 8.8 | 9y ago | The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCO… | |||
| CVE-2017-5051 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… | |||
| CVE-2017-5050 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… | |||
| CVE-2017-5049 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… | |||
| CVE-2017-5048 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… | |||
| CVE-2017-5047 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… | |||
| CVE-2017-5043 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5034 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5032 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5031 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3622 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulner… | |||
| CVE-2017-3578 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Easily "explo… | |||
| CVE-2017-8101 | high | 8.8 | 8.8 | 9y ago | There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | |||
| CVE-2017-2332 | high | 8.8 | 8.8 | 9y ago | An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker … | |||
| CVE-2017-7951 | high | 8.8 | 8.8 | 9y ago | WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | |||
| CVE-2017-7220 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "… | |||
| CVE-2017-7990 | high | 8.8 | 8.8 | 9y ago | The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageRepor… | |||
| CVE-2017-6619 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vul… | |||
| CVE-2017-6616 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnera… | |||
| CVE-2017-5156 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will… | |||
| CVE-2017-7283 | high | 8.8 | 8.8 | 9y ago | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the… | |||
| CVE-2017-7881 | high | 8.8 | 8.8 | 9y ago | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an… | |||
| CVE-2017-7877 | high | 8.8 | 8.8 | 9y ago | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | |||
| CVE-2017-7717 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified… | |||
| CVE-2017-7690 | high | 7.8 | 8.8 | 9y ago | Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | |||
| CVE-2017-1205 | high | 8.8 | 8.8 | 9y ago | IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. | |||
| CVE-2017-7643 | high | 7.8 | 8.8 | 9y ago | Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. | |||
| CVE-2017-7219 | high | 8.8 | 8.8 | 9y ago | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run … | |||
| CVE-2017-7284 | high | 8.8 | 8.8 | 9y ago | An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the c… | |||
| CVE-2017-7281 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows fo… | |||
| CVE-2017-3064 | high | 7.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-0165 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handle… | |||
| CVE-2017-0160 | high | 7.8 | 8.8 | 9y ago | Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." | |||
| CVE-2017-7694 | high | 8.8 | 8.8 | 9y ago | Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. … | |||
| CVE-2017-7647 | high | 8.8 | 8.8 | 9y ago | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | |||
| CVE-2017-7622 | high | 8.8 | 8.8 | 9y ago | dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Any… | |||
| CVE-2017-7617 | high | 8.8 | 8.8 | 9y ago | Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, re… | |||
| CVE-2017-7570 | high | 8.8 | 8.8 | 9y ago | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to ch… | |||
| CVE-2017-4964 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | |||
| CVE-2017-7565 | high | 8.8 | 8.8 | 9y ago | Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | |||
| CVE-2017-6968 | high | 8.8 | 8.8 | 9y ago | GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | |||
| CVE-2017-6956 | high | 8.8 | 8.8 | 9y ago | On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point … | |||
| CVE-2017-7413 | high | 8.8 | 8.8 | 9y ago | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled… | |||
| CVE-2017-2490 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2485 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2483 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2482 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2481 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2474 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2473 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2472 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2465 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2463 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2444 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "C… | |||
| CVE-2017-2443 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2017-2433 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr… | |||
| CVE-2017-2415 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "W… | |||
| CVE-2017-2405 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to … | |||
| CVE-2017-2403 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbi… | |||
| CVE-2017-2396 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2395 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2394 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2381 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging mem… | |||
| CVE-2017-2378 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attack… | |||
| CVE-2017-7393 | high | 8.8 | 8.8 | 9y ago | In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | |||
| CVE-2017-7253 | high | 8.8 | 8.8 | 9y ago | Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with ad… | |||
| CVE-2017-7310 | high | 7.8 | 8.8 | 9y ago | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se… | |||
| CVE-2017-7308 | high | 7.8 | 8.8 | 9y ago | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in… | |||
| CVE-2017-2689 | high | 8.8 | 8.8 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration… | |||
| CVE-2017-2688 | high | 8.8 | 8.8 | 9y ago | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the target… | |||
| CVE-2017-7297 | high | 8.8 | 8.8 | 9y ago | Rancher Access Control Vulnerability in github.com/rancher/rancher | |||
| CVE-2017-1153 | high | 8.8 | 8.8 | 9y ago | IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. |