CVEs from 2017
- Total: 11,693
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3387 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3386 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3385 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3384 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3383 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3382 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3381 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3380 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3379 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3378 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3377 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3376 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3375 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3374 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3373 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3372 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, … | |||
| CVE-2017-3371 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulner… | |||
| CVE-2017-3370 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulner… | |||
| CVE-2017-3369 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulner… | |||
| CVE-2017-3368 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Address Book). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.… | |||
| CVE-2017-3367 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploi… | |||
| CVE-2017-3366 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploi… | |||
| CVE-2017-3365 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploi… | |||
| CVE-2017-3364 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploi… | |||
| CVE-2017-3363 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploi… | |||
| CVE-2017-3362 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploi… | |||
| CVE-2017-3361 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable … | |||
| CVE-2017-3360 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily explo… | |||
| CVE-2017-3359 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily explo… | |||
| CVE-2017-3358 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3357 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3354 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3353 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3352 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3351 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3350 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3349 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3348 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3346 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3344 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3343 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3341 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3340 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3339 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3338 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3336 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3335 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3334 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3333 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3328 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,… | |||
| CVE-2017-3327 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,… | |||
| CVE-2017-3326 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.… | |||
| CVE-2017-3325 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated at… | |||
| CVE-2017-3303 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1… | |||
| CVE-2017-3287 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.… | |||
| CVE-2017-3285 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3284 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3279 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitabl… | |||
| CVE-2017-3278 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vuln… | |||
| CVE-2017-3275 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 a… | |||
| CVE-2017-3274 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 a… | |||
| CVE-2017-17920 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes th… | |||
| CVE-2017-17919 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes t… | |||
| CVE-2017-17917 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this i… | |||
| CVE-2017-17916 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes th… | |||
| CVE-2017-16897 | high | 8.1 | 8.1 | 9y ago | passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token | |||
| CVE-2017-6164 | high | 8.1 | 8.1 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4… | |||
| CVE-2017-1694 | high | 8.1 | 8.1 | 9y ago | IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | |||
| CVE-2017-3194 | high | 8.1 | 8.1 | 9y ago | Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | |||
| CVE-2017-16776 | high | 8.1 | 8.1 | 9y ago | Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change He… | |||
| CVE-2017-7344 | high | 8.1 | 8.1 | 9y ago | A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when … | |||
| CVE-2017-5530 | high | 8.1 | 8.1 | 9y ago | The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate thei… | |||
| CVE-2017-11932 | high | 8.1 | 8.1 | 9y ago | Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofi… | |||
| CVE-2017-17426 | high | 8.1 | 8.1 | 9y ago | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potential… | |||
| CVE-2017-16929 | high | 8.1 | 8.1 | 9y ago | The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re… | |||
| CVE-2017-8823 | high | 8.1 | 8.1 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point e… | |||
| CVE-2017-15055 | high | 8.1 | 8.1 | 9y ago | TeamPass Improper Privilege Management | |||
| CVE-2017-15114 | high | 8.1 | 8.1 | 9y ago | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authenticati… | |||
| CVE-2017-8028 | high | 8.1 | 8.1 | 9y ago | Improper Authentication in Pivotal Spring-LDAP | |||
| CVE-2017-4995 | high | 8.1 | 8.1 | 9y ago | Deserialization of Untrusted Data in Spring Security | |||
| CVE-2017-15098 | high | 8.1 | 8.1 | 9y ago | Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can cr… | |||
| CVE-2017-16871 | high | 8.1 | 8.1 | 9y ago | The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before del… | |||
| CVE-2017-16870 | high | 8.1 | 8.1 | 9y ago | The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that… | |||
| CVE-2017-1000241 | high | 8.1 | 8.1 | 9y ago | The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view an… | |||
| CVE-2017-16853 | high | 8.1 | 8.1 | 9y ago | The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and… | |||
| CVE-2017-16852 | high | 8.1 | 8.1 | 9y ago | shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and d… | |||
| CVE-2017-15806 | high | 8.1 | 8.1 | 9y ago | Zeta Components Mail Arbitrary code execution via a crafted email address | |||
| CVE-2017-1477 | high | 8.1 | 8.1 | 9y ago | IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensit… | |||
| CVE-2017-14711 | high | 8.1 | 8.1 | 9y ago | The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passw… | |||
| CVE-2017-2914 | high | 8.1 | 8.1 | 9y ago | An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid b… | |||
| CVE-2017-2883 | high | 8.1 | 8.1 | 9y ago | An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code… | |||
| CVE-2017-2882 | high | 8.1 | 8.1 | 9y ago | An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive fil… | |||
| CVE-2017-0904 | high | 8.1 | 8.1 | 9y ago | private_address_check vulnerable to bypass of Resolv.getaddresses method | |||
| CVE-2017-1000134 | high | 8.1 | 8.1 | 9y ago | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group mem… | |||
| CVE-2017-12276 | high | 8.1 | 8.1 | 9y ago | A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confiden… | |||
| CVE-2017-10873 | high | 8.1 | 8.1 | 9y ago | OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) im… | |||
| CVE-2017-1000256 | high | 8.1 | 8.1 | 9y ago | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||
| CVE-2017-6157 | high | 8.1 | 8.1 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration … | |||
| CVE-2017-14332 | high | 8.1 | 8.1 | 9y ago | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | |||
| CVE-2017-7115 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrar… |