CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6460 | high | 8.8 | 8.8 | 9y ago | Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction l… | |||
| CVE-2017-6458 | high | 8.8 | 8.8 | 9y ago | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | |||
| CVE-2017-5931 | high | 8.8 | 8.8 | 9y ago | Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code … | |||
| CVE-2017-6069 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | |||
| CVE-2017-6068 | high | 8.8 | 8.8 | 9y ago | Subrion CMS vulnerable to CSRF in admin/blocks/add | |||
| CVE-2017-6066 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | |||
| CVE-2017-6002 | high | 8.8 | 8.8 | 9y ago | Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. | |||
| CVE-2017-5199 | high | 8.8 | 8.8 | 9y ago | The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||
| CVE-2017-5198 | high | 8.8 | 8.8 | 9y ago | SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | |||
| CVE-2017-6191 | high | 7.8 | 8.8 | 9y ago | Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. | |||
| CVE-2017-3858 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is d… | |||
| CVE-2017-5874 | high | 8.8 | 8.8 | 9y ago | CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||
| CVE-2017-6178 | high | 7.8 | 8.8 | 9y ago | The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. | |||
| CVE-2017-0108 | high | 7.8 | 8.8 | 9y ago | The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows… | |||
| CVE-2017-0100 | high | 7.8 | 8.8 | 9y ago | A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 201… | |||
| CVE-2017-3854 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to… | |||
| CVE-2017-3819 | high | 8.8 | 8.8 | 9y ago | A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Pack… | |||
| CVE-2017-6060 | high | 7.8 | 8.8 | 9y ago | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | |||
| CVE-2017-3003 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. … | |||
| CVE-2017-3002 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation cou… | |||
| CVE-2017-3001 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbit… | |||
| CVE-2017-2999 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitatio… | |||
| CVE-2017-2998 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitati… | |||
| CVE-2017-2997 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitati… | |||
| CVE-2017-6180 | high | 8.8 | 8.8 | 9y ago | Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). | |||
| CVE-2017-6081 | high | 8.8 | 8.8 | 9y ago | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for u… | |||
| CVE-2017-5675 | high | 8.8 | 8.8 | 9y ago | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the ma… | |||
| CVE-2017-2290 | high | 8.8 | 8.8 | 9y ago | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco… | |||
| CVE-2017-6407 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client… | |||
| CVE-2017-6406 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occ… | |||
| CVE-2017-6400 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). | |||
| CVE-2017-6399 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client… | |||
| CVE-2017-2682 | high | 8.8 | 8.8 | 9y ago | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to… | |||
| CVE-2017-5585 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict D… | |||
| CVE-2017-3835 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Info… | |||
| CVE-2017-6127 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of a… | |||
| CVE-2017-5881 | high | 7.8 | 8.8 | 9y ago | GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. | |||
| CVE-2017-2372 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attacker… | |||
| CVE-2017-2370 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-2366 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involv… | |||
| CVE-2017-2360 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-2356 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1… | |||
| CVE-2017-2355 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1… | |||
| CVE-2017-2354 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1… | |||
| CVE-2017-2353 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2017-6074 | high | 7.8 | 8.8 | 9y ago | The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r… | |||
| CVE-2017-6065 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | |||
| CVE-2017-5012 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5009 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |||
| CVE-2017-0321 | high | 8.8 | 8.8 | 9y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or poten… | |||
| CVE-2017-0313 | high | 7.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un… | |||
| CVE-2017-0312 | high | 7.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit … | |||
| CVE-2017-0311 | high | 8.8 | 8.8 | 9y ago | NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | |||
| CVE-2017-0309 | high | 8.8 | 8.8 | 9y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service… | |||
| CVE-2017-0308 | high | 8.8 | 8.8 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation l… | |||
| CVE-2017-3801 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privil… | |||
| CVE-2017-2996 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2995 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2994 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2993 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2991 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary co… | |||
| CVE-2017-2990 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-2987 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2984 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2982 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execu… | |||
| CVE-2017-5940 | high | 8.8 | 8.8 | 9y ago | Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows loc… | |||
| CVE-2017-3813 | high | 7.8 | 8.8 | 9y ago | A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th… | |||
| CVE-2017-0412 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-0411 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H… | |||
| CVE-2017-5368 | high | 8.8 | 8.8 | 9y ago | ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the c… | |||
| CVE-2017-5218 | high | 8.8 | 8.8 | 9y ago | A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to … | |||
| CVE-2017-5609 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2017-5329 | high | 7.8 | 8.8 | 10y ago | Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | |||
| CVE-2017-3794 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: … | |||
| CVE-2017-5570 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST re… | |||
| CVE-2017-5563 | high | 8.8 | 8.8 | 10y ago | LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | |||
| CVE-2017-5520 | high | 8.8 | 8.8 | 10y ago | The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files wit… | |||
| CVE-2017-5492 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims … | |||
| CVE-2017-5489 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | |||
| CVE-2017-5476 | high | 8.8 | 8.8 | 10y ago | Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | |||
| CVE-2017-5475 | high | 8.8 | 8.8 | 10y ago | comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | |||
| CVE-2017-5225 | high | 8.8 | 8.8 | 10y ago | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | |||
| CVE-2017-5345 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default… | |||
| CVE-2017-2937 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation coul… | |||
| CVE-2017-2936 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execu… | |||
| CVE-2017-2928 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2927 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2926 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary cod… | |||
| CVE-2017-2925 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-0002 | high | 8.8 | 8.8 | 10y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | |||
| CVE-2017-11173 | high | 8.8 | 8.8 | 11y ago | Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com dom… | |||
| CVE-2017-10401 | high | 8.7 | 8.7 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMSUpdater). The supported version that is affected is 7.30.564.0. Easi… | |||
| CVE-2017-10372 | high | 8.7 | 8.7 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vu… | |||
| CVE-2017-3500 | high | 8.7 | 8.7 | 9y ago | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2,… | |||
| CVE-2017-6607 | high | 8.7 | 8.7 | 9y ago | A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DN… | |||
| CVE-2017-14855 | high | 8.6 | 8.6 | 9y ago | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. | |||
| CVE-2017-17952 | high | 8.6 | 8.6 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||
| CVE-2017-16717 | high | 8.6 | 8.6 | 9y ago | A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | |||
| CVE-2017-17697 | high | 8.6 | 8.6 | 9y ago | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||
| CVE-2017-17051 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hyper… |