CVEs from 2017
- Total 11,681
- critical 1,647
- high 5,041
- medium 4,168
- low 159
- % Critical 14.1%
- % with KEV 0.7%
- % with exploit 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3883 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticate… | |||
| CVE-2017-12293 | high | 8.6 | 8.6 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on th… | |||
| CVE-2017-12246 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected dev… | |||
| CVE-2017-12245 | high | 8.6 | 8.6 | 9y ago | A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detect… | |||
| CVE-2017-12244 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial … | |||
| CVE-2017-1483 | high | 8.6 | 8.6 | 9y ago | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID… | |||
| CVE-2017-10147 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. … | |||
| CVE-2017-11615 | high | 8.6 | 8.6 | 9y ago | A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. | |||
| CVE-2017-6612 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect H… | |||
| CVE-2017-9627 | high | 8.6 | 8.6 | 9y ago | An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability co… | |||
| CVE-2017-7901 | high | 8.6 | 8.6 | 9y ago | A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and … | |||
| CVE-2017-7922 | high | 7.6 | 8.6 | 9y ago | An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to se… | |||
| CVE-2017-7914 | high | 8.6 | 8.6 | 9y ago | A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.0… | |||
| CVE-2017-6977 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or caus… | |||
| CVE-2017-2534 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a c… | |||
| CVE-2017-9066 | high | 8.6 | 8.6 | 9y ago | In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||
| CVE-2017-9062 | high | 8.6 | 8.6 | 9y ago | In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||
| CVE-2017-2119 | high | 8.6 | 8.6 | 9y ago | Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-3543 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. E… | |||
| CVE-2017-3542 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. E… | |||
| CVE-2017-3540 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. E… | |||
| CVE-2017-3230 | high | 8.6 | 8.6 | 9y ago | Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Ea… | |||
| CVE-2017-2321 | high | 8.6 | 8.6 | 9y ago | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system s… | |||
| CVE-2017-2317 | high | 8.6 | 8.6 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to caus… | |||
| CVE-2017-6608 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected syste… | |||
| CVE-2017-3863 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-3862 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-3861 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-3860 | high | 8.6 | 8.6 | 9y ago | Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overf… | |||
| CVE-2017-7569 | high | 8.6 | 8.6 | 9y ago | In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||
| CVE-2017-3864 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial… | |||
| CVE-2017-1145 | high | 8.6 | 8.6 | 9y ago | IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #:… | |||
| CVE-2017-3846 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Man… | |||
| CVE-2017-6413 | high | 8.6 | 8.6 | 9y ago | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Aut… | |||
| CVE-2017-6062 | high | 8.6 | 8.6 | 9y ago | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OID… | |||
| CVE-2017-5167 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. | |||
| CVE-2017-5143 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal… | |||
| CVE-2017-3790 | high | 8.6 | 8.6 | 10y ago | A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a re… | |||
| CVE-2017-3293 | high | 8.6 | 8.6 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab… | |||
| CVE-2017-3271 | high | 8.6 | 8.6 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab… | |||
| CVE-2017-15667 | high | 7.5 | 8.5 | 9y ago | In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. | |||
| CVE-2017-17876 | high | 7.5 | 8.5 | 9y ago | Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||
| CVE-2017-17692 | high | 7.5 | 8.5 | 9y ago | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the … | |||
| CVE-2017-17088 | high | 7.5 | 8.5 | 9y ago | The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header … | |||
| CVE-2017-17738 | high | 7.5 | 8.5 | 9y ago | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | |||
| CVE-2017-17593 | high | 7.5 | 8.5 | 9y ago | Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | |||
| CVE-2017-17538 | high | 7.5 | 8.5 | 9y ago | MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | |||
| CVE-2017-11918 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine … | |||
| CVE-2017-11914 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction | |||
| CVE-2017-11911 | high | 7.5 | 8.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11909 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to remote code execution | |||
| CVE-2017-11907 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11903 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11893 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to remote code execution | |||
| CVE-2017-11890 | high | 7.5 | 8.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker… | |||
| CVE-2017-16857 | high | 8.5 | 8.5 | 9y ago | It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsus… | |||
| CVE-2017-17090 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP … | |||
| CVE-2017-16953 | high | 7.5 | 8.5 | 9y ago | connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET requ… | |||
| CVE-2017-17085 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | |||
| CVE-2017-17058 | high | 7.5 | 8.5 | 9y ago | The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a … | |||
| CVE-2017-16944 | high | 7.5 | 8.5 | 9y ago | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com… | |||
| CVE-2017-16902 | high | 7.5 | 8.5 | 9y ago | On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | |||
| CVE-2017-16894 | high | 7.5 | 8.5 | 9y ago | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav… | |||
| CVE-2017-1000170 | high | 7.5 | 8.5 | 9y ago | jqueryFileTree vulnerable to Directory Traversal | |||
| CVE-2017-11873 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to ho… | |||
| CVE-2017-11870 | high | 7.5 | 8.5 | 9y ago | Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects | |||
| CVE-2017-11861 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engin… | |||
| CVE-2017-11855 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2… | |||
| CVE-2017-11841 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11840 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11839 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engi… | |||
| CVE-2017-16806 | high | 7.5 | 8.5 | 9y ago | The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||
| CVE-2017-16249 | high | 7.5 | 8.5 | 9y ago | The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with … | |||
| CVE-2017-16642 | high | 7.5 | 8.5 | 9y ago | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to … | |||
| CVE-2017-15921 | high | 7.5 | 8.5 | 9y ago | In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc… | |||
| CVE-2017-15920 | high | 7.5 | 8.5 | 9y ago | In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc… | |||
| CVE-2017-15956 | high | 7.5 | 8.5 | 9y ago | ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | |||
| CVE-2017-15647 | high | 7.5 | 8.5 | 9y ago | On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||
| CVE-2017-10065 | high | 8.5 | 8.5 | 9y ago | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily … | |||
| CVE-2017-11811 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11810 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-11809 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11802 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11799 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11793 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-15236 | high | 7.5 | 8.5 | 9y ago | Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config… | |||
| CVE-2017-15235 | high | 7.5 | 8.5 | 9y ago | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fi… | |||
| CVE-2017-5637 | high | 7.5 | 8.5 | 9y ago | Uncontrolled Resource Consumption in Apache ZooKeeper | |||
| CVE-2017-13068 | high | 7.5 | 8.5 | 9y ago | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack… | |||
| CVE-2017-14087 | high | 7.5 | 8.5 | 9y ago | A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali… | |||
| CVE-2017-14086 | high | 7.5 | 8.5 | 9y ago | Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl… | |||
| CVE-2017-14083 | high | 7.5 | 8.5 | 9y ago | A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||
| CVE-2017-15035 | high | 7.5 | 8.5 | 9y ago | EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash). | |||
| CVE-2017-1000106 | high | 8.5 | 8.5 | 9y ago | Improper Authentication in Jenkins Blue Ocean Plugin | |||
| CVE-2017-14496 | high | 7.5 | 8.5 | 9y ago | Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service … | |||
| CVE-2017-14495 | high | 7.5 | 8.5 | 9y ago | Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involvi… | |||
| CVE-2017-14680 | high | 7.5 | 8.5 | 9y ago | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | |||
| CVE-2017-7924 | high | 7.5 | 8.5 | 9y ago | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s… | |||
| CVE-2017-8770 | high | 7.5 | 8.5 | 9y ago | There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | |||
| CVE-2017-9798 | high | 7.5 | 8.5 | 9y ago | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb… |