CVEs from 2017
Total
11,693
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13127 | high | 8.1 | 8.1 | 9y ago | The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack. | |||
| CVE-2017-10364 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.54, 8.55 and 8.56. … | |||
| CVE-2017-8022 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability… | |||
| CVE-2017-13083 | high | 8.1 | 8.1 | 9y ago | Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | |||
| CVE-2017-3760 | high | 8.1 | 8.1 | 9y ago | The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man… | |||
| CVE-2017-3759 | high | 8.1 | 8.1 | 9y ago | The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote… | |||
| CVE-2017-13082 | high | 8.1 | 8.1 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing … | |||
| CVE-2017-10623 | high | 8.1 | 8.1 | 9y ago | Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operati… | |||
| CVE-2017-11779 | high | 8.1 | 8.1 | 9y ago | The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a rem… | |||
| CVE-2017-14084 | high | 8.1 | 8.1 | 9y ago | A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | |||
| CVE-2017-13992 | high | 8.1 | 8.1 | 9y ago | An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication me… | |||
| CVE-2017-15037 | high | 8.1 | 8.1 | 9y ago | In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' cha… | |||
| CVE-2017-13989 | high | 8.1 | 8.1 | 9y ago | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage i… | |||
| CVE-2017-1527 | high | 8.1 | 8.1 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen… | |||
| CVE-2017-14743 | high | 8.1 | 8.1 | 9y ago | Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | |||
| CVE-2017-14705 | high | 8.1 | 8.1 | 9y ago | DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webser… | |||
| CVE-2017-14650 | high | 8.1 | 8.1 | 9y ago | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde appli… | |||
| CVE-2017-14246 | high | 8.1 | 8.1 | 9y ago | An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-… | |||
| CVE-2017-14245 | high | 8.1 | 8.1 | 9y ago | An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-… | |||
| CVE-2017-14623 | high | 8.1 | 8.1 | 9y ago | In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (… | |||
| CVE-2017-14607 | high | 8.1 | 8.1 | 9y ago | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memo… | |||
| CVE-2017-14418 | high | 8.1 | 8.1 | 9y ago | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction … | |||
| CVE-2017-0161 | high | 8.1 | 8.1 | 9y ago | The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 170… | |||
| CVE-2017-14337 | high | 8.1 | 8.1 | 9y ago | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate… | |||
| CVE-2017-14263 | high | 8.1 | 8.1 | 9y ago | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userMana… | |||
| CVE-2017-14262 | high | 8.1 | 8.1 | 9y ago | On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUs… | |||
| CVE-2017-1458 | high | 8.1 | 8.1 | 9y ago | IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informat… | |||
| CVE-2017-14116 | high | 8.1 | 8.1 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, … | |||
| CVE-2017-14115 | high | 8.1 | 8.1 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5S… | |||
| CVE-2017-10793 | high | 8.1 | 8.1 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bd… | |||
| CVE-2017-14032 | high | 8.1 | 8.1 | 9y ago | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates… | |||
| CVE-2017-0902 | high | 8.1 | 8.1 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… | |||
| CVE-2017-9685 | high | 8.1 | 8.1 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | |||
| CVE-2017-6710 | high | 8.1 | 8.1 | 9y ago | A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the… | |||
| CVE-2017-8620 | high | 8.1 | 8.1 | 9y ago | Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |||
| CVE-2017-10177 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10078 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at… | |||
| CVE-2017-9940 | high | 8.1 | 8.1 | 9y ago | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file sy… | |||
| CVE-2017-12581 | high | 8.1 | 8.1 | 9y ago | Electron vulnerable to remote command execution | |||
| CVE-2017-9857 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet inje… | |||
| CVE-2017-10815 | high | 8.1 | 8.1 | 9y ago | MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authenticat… | |||
| CVE-2017-1467 | high | 8.1 | 8.1 | 9y ago | A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466. | |||
| CVE-2017-11130 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In … | |||
| CVE-2017-11667 | high | 8.1 | 8.1 | 9y ago | OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | |||
| CVE-2017-9765 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denia… | |||
| CVE-2017-2342 | high | 8.1 | 8.1 | 9y ago | MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This… | |||
| CVE-2017-11318 | high | 8.1 | 8.1 | 9y ago | Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abu… | |||
| CVE-2017-1000071 | high | 8.1 | 8.1 | 9y ago | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. | |||
| CVE-2017-1000053 | high | 8.1 | 8.1 | 9y ago | Arbitrary Code Execution in Cookie Serialization | |||
| CVE-2017-1000034 | high | 8.1 | 8.1 | 9y ago | Akka Java Serialization vulnerability | |||
| CVE-2017-0152 | high | 8.1 | 8.1 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in suc… | |||
| CVE-2017-11103 | high | 8.1 | 8.1 | 9y ago | Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. … | |||
| CVE-2017-8565 | high | 8.1 | 8.1 | 9y ago | Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8563 | high | 8.1 | 8.1 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation… | |||
| CVE-2017-1337 | high | 8.1 | 8.1 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | |||
| CVE-2017-6868 | high | 8.1 | 8.1 | 9y ago | An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the C… | |||
| CVE-2017-10914 | high | 8.1 | 8.1 | 9y ago | The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive… | |||
| CVE-2017-8894 | high | 8.1 | 8.1 | 9y ago | AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine. | |||
| CVE-2017-8613 | high | 8.1 | 8.1 | 9y ago | Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "A… | |||
| CVE-2017-0176 | high | 8.1 | 8.1 | 9y ago | A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target comp… | |||
| CVE-2017-4963 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier … | |||
| CVE-2017-7563 | high | 8.1 | 8.1 | 9y ago | In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency i… | |||
| CVE-2017-8841 | high | 8.1 | 8.1 | 9y ago | Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology … | |||
| CVE-2017-2824 | high | 8.1 | 8.1 | 9y ago | An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote co… | |||
| CVE-2017-0272 | high | 8.1 | 8.1 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 15… | |||
| CVE-2017-8899 | high | 8.1 | 8.1 | 9y ago | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered b… | |||
| CVE-2017-1137 | high | 8.1 | 8.1 | 9y ago | IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access … | |||
| CVE-2017-1103 | high | 8.1 | 8.1 | 9y ago | IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to exp… | |||
| CVE-2017-8059 | high | 8.1 | 8.1 | 9y ago | Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently … | |||
| CVE-2017-8342 | high | 8.1 | 8.1 | 9y ago | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | |||
| CVE-2017-8288 | high | 8.1 | 8.1 | 9y ago | gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch application… | |||
| CVE-2017-1149 | high | 8.1 | 8.1 | 9y ago | IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit thi… | |||
| CVE-2017-5035 | high | 8.1 | 8.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3602 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3601 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerabil… | |||
| CVE-2017-3583 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-3554 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-3472 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Supported versions that are affected are 2.0.0, 2.0.1, 2… | |||
| CVE-2017-8099 | high | 8.1 | 8.1 | 9y ago | There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | |||
| CVE-2017-2784 | high | 8.1 | 8.1 | 9y ago | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 cert… | |||
| CVE-2017-0166 | high | 8.1 | 8.1 | 9y ago | An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by runn… | |||
| CVE-2017-7648 | high | 8.1 | 8.1 | 9y ago | Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn… | |||
| CVE-2017-7572 | high | 8.1 | 8.1 | 9y ago | The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condi… | |||
| CVE-2017-3204 | high | 8.1 | 8.1 | 9y ago | The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey … | |||
| CVE-2017-2447 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2389 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP … | |||
| CVE-2017-6412 | high | 8.1 | 8.1 | 9y ago | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | |||
| CVE-2017-7323 | high | 8.1 | 8.1 | 9y ago | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger… | |||
| CVE-2017-7322 | high | 8.1 | 8.1 | 9y ago | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve… | |||
| CVE-2017-6957 | high | 8.1 | 8.1 | 9y ago | Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to … | |||
| CVE-2017-3852 | high | 8.1 | 8.1 | 9y ago | A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in… | |||
| CVE-2017-1151 | high | 8.1 | 8.1 | 9y ago | IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the syste… | |||
| CVE-2017-0104 | high | 8.1 | 8.1 | 9y ago | The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overfl… | |||
| CVE-2017-6949 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsani… | |||
| CVE-2017-6381 | high | 8.1 | 8.1 | 9y ago | Drupal Remote code execution | |||
| CVE-2017-6466 | high | 8.1 | 8.1 | 9y ago | F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-… | |||
| CVE-2017-6528 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). | |||
| CVE-2017-6432 | high | 8.1 | 8.1 | 9y ago | An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Ma… | |||
| CVE-2017-6351 | high | 8.1 | 8.1 | 9y ago | The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device u… | |||
| CVE-2017-6445 | high | 8.1 | 8.1 | 9y ago | The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipu… |