CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14016 | medium | 6.3 | 7.3 | 9y ago | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying… | |||
| CVE-2017-9640 | medium | 6.3 | 7.3 | 9y ago | A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC … | |||
| CVE-2017-17752 | medium | 6.1 | 7.1 | 9y ago | Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.… | |||
| CVE-2017-17649 | medium | 6.1 | 7.1 | 9y ago | Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | |||
| CVE-2017-17737 | medium | 6.1 | 7.1 | 9y ago | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | |||
| CVE-2017-16884 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | |||
| CVE-2017-16962 | medium | 6.1 | 7.1 | 9y ago | The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf… | |||
| CVE-2017-16841 | medium | 6.1 | 7.1 | 9y ago | LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | |||
| CVE-2017-16836 | medium | 6.1 | 7.1 | 9y ago | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||
| CVE-2017-15878 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting in keystone | |||
| CVE-2017-15687 | medium | 6.1 | 7.1 | 9y ago | DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | |||
| CVE-2017-7089 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all… | |||
| CVE-2017-15291 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi… | |||
| CVE-2017-15646 | medium | 6.1 | 7.1 | 9y ago | Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After set… | |||
| CVE-2017-15374 | medium | 6.1 | 7.1 | 9y ago | Shopware XSS Vulnerability | |||
| CVE-2017-15287 | medium | 6.1 | 7.1 | 9y ago | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||
| CVE-2017-14620 | medium | 6.1 | 7.1 | 9y ago | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||
| CVE-2017-14619 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | |||
| CVE-2017-3133 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | |||
| CVE-2017-3132 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToke… | |||
| CVE-2017-14219 | medium | 6.1 | 7.1 | 9y ago | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu… | |||
| CVE-2017-14126 | medium | 6.1 | 7.1 | 9y ago | The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | |||
| CVE-2017-9979 | medium | 6.1 | 7.1 | 9y ago | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to… | |||
| CVE-2017-12971 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | |||
| CVE-2017-12984 | medium | 6.1 | 7.1 | 9y ago | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | |||
| CVE-2017-11320 | medium | 6.1 | 7.1 | 9y ago | Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | |||
| CVE-2017-11355 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) … | |||
| CVE-2017-9813 | medium | 6.1 | 7.1 | 9y ago | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc… | |||
| CVE-2017-8839 | medium | 6.1 | 7.1 | 9y ago | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/p… | |||
| CVE-2017-8838 | medium | 6.1 | 7.1 | 9y ago | XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/H… | |||
| CVE-2017-2528 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2510 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2508 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2504 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-5631 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | |||
| CVE-2017-7896 | medium | 6.1 | 7.1 | 9y ago | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | |||
| CVE-2017-7725 | medium | 6.1 | 7.1 | 9y ago | Concrete CMS vulnerable to cross-site scripting (XSS) | |||
| CVE-2017-2445 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-6443 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | |||
| CVE-2017-6547 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12… | |||
| CVE-2017-6478 | medium | 6.1 | 7.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). | |||
| CVE-2017-2361 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. | |||
| CVE-2017-12373 | medium | 5.9 | 6.9 | 9y ago | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive i… | |||
| CVE-2017-17427 | medium | 5.9 | 6.9 | 9y ago | Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed … | |||
| CVE-2017-17382 | medium | 5.9 | 6.9 | 9y ago | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote … | |||
| CVE-2017-13099 | medium | 5.9 | 6.9 | 9y ago | wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL… | |||
| CVE-2017-13098 | medium | 5.9 | 6.9 | 9y ago | Observable Discrepancy in BouncyCastle | |||
| CVE-2017-1000385 | medium | 5.9 | 6.9 | 9y ago | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's priv… | |||
| CVE-2017-15271 | medium | 5.9 | 6.9 | 9y ago | A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically res… | |||
| CVE-2017-10370 | medium | 6.9 | 6.9 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vu… | |||
| CVE-2017-14494 | medium | 5.9 | 6.9 | 9y ago | dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | |||
| CVE-2017-14955 | medium | 5.9 | 6.9 | 9y ago | Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GU… | |||
| CVE-2017-14117 | medium | 5.9 | 6.9 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows rem… | |||
| CVE-2017-3898 | medium | 5.9 | 6.9 | 9y ago | A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registr… | |||
| CVE-2017-10058 | medium | 6.9 | 6.9 | 9y ago | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.… | |||
| CVE-2017-8295 | medium | 5.9 | 6.9 | 9y ago | WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?ac… | |||
| CVE-2017-17982 | medium | 6.8 | 6.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |||
| CVE-2017-17830 | medium | 6.8 | 6.8 | 9y ago | Bus Booking Script has CSRF via admin/new_master.php. | |||
| CVE-2017-17746 | medium | 6.8 | 6.8 | 9y ago | Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authenticati… | |||
| CVE-2017-12342 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vuln… | |||
| CVE-2017-8206 | medium | 6.8 | 6.8 | 9y ago | HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use ap… | |||
| CVE-2017-8166 | medium | 6.8 | 6.8 | 9y ago | Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use app… | |||
| CVE-2017-8156 | medium | 6.8 | 6.8 | 9y ago | The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit boar… | |||
| CVE-2017-8151 | medium | 6.8 | 6.8 | 9y ago | Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's … | |||
| CVE-2017-2703 | medium | 6.8 | 6.8 | 9y ago | Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier be… | |||
| CVE-2017-2702 | medium | 6.8 | 6.8 | 9y ago | Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. | |||
| CVE-2017-2691 | medium | 6.8 | 6.8 | 9y ago | Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass … | |||
| CVE-2017-15527 | medium | 6.8 | 6.8 | 9y ago | Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / s… | |||
| CVE-2017-11400 | medium | 6.8 | 6.8 | 9y ago | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file s… | |||
| CVE-2017-15526 | medium | 6.8 | 6.8 | 9y ago | Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scena… | |||
| CVE-2017-16534 | medium | 6.8 | 6.8 | 9y ago | The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly hav… | |||
| CVE-2017-1000147 | medium | 6.8 | 6.8 | 9y ago | Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. … | |||
| CVE-2017-10274 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability… | |||
| CVE-2017-13086 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decry… | |||
| CVE-2017-13084 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, … | |||
| CVE-2017-13077 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, dec… | |||
| CVE-2017-12732 | medium | 6.8 | 6.8 | 9y ago | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allow… | |||
| CVE-2017-12239 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical … | |||
| CVE-2017-10814 | medium | 6.8 | 6.8 | 9y ago | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | |||
| CVE-2017-10813 | medium | 6.8 | 6.8 | 9y ago | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-8628 | medium | 6.8 | 6.8 | 9y ago | Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation … | |||
| CVE-2017-10811 | medium | 6.8 | 6.8 | 9y ago | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-6790 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) … | |||
| CVE-2017-3753 | medium | 6.8 | 6.8 | 9y ago | A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with ad… | |||
| CVE-2017-8623 | medium | 6.8 | 6.8 | 9y ago | Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system,… | |||
| CVE-2017-10198 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde… | |||
| CVE-2017-10181 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Forgot Password). Supported versions that are affected are 12.0.2 and 12.0.3. Ea… | |||
| CVE-2017-10039 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerab… | |||
| CVE-2017-2282 | medium | 6.8 | 6.8 | 9y ago | Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | |||
| CVE-2017-9497 | medium | 6.8 | 6.8 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics… | |||
| CVE-2017-9496 | medium | 6.8 | 6.8 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port… | |||
| CVE-2017-0706 | medium | 6.8 | 6.8 | 9y ago | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532. | |||
| CVE-2017-0705 | medium | 6.8 | 6.8 | 9y ago | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898. | |||
| CVE-2017-10709 | medium | 6.8 | 6.8 | 9y ago | The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | |||
| CVE-2017-9832 | medium | 6.8 | 6.8 | 9y ago | An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe rem… | |||
| CVE-2017-9831 | medium | 6.8 | 6.8 | 9y ago | An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds … | |||
| CVE-2017-5646 | medium | 6.8 | 6.8 | 9y ago | Apache Knox allows impersonation of users | |||
| CVE-2017-8879 | medium | 6.8 | 6.8 | 9y ago | Dolibarr allows password changes without supplying the current password | |||
| CVE-2017-6628 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of s… | |||
| CVE-2017-8371 | medium | 6.8 | 6.8 | 9y ago | Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. |