CVEs from 2017

Total: 11,681
Critical: 1,647
High: 5,041
Medium: 4,168
Low: 159
% Critical: 14.1%
% with KEV: 0.7%
% with exploit: 9.8%

Note: the four severity buckets sum to 11,015, so 666 of the 11,681 records carry no severity bucket in this dataset; the percentages are taken over the full total.
Top products (CVE count)
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
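The summary block above (total, severity buckets, % Critical, % with KEV, % with exploit, top products) is the kind of aggregate worth recomputing from raw records before relying on it. The script below is an added example, not code from this page or from its data source: it applies the CVSS v3.x qualitative rating scale (critical 9.0 to 10.0, high 7.0 to 8.9, medium 4.0 to 6.9, low 0.1 to 3.9) to constructed sample records, computes the same statistics, and checks that bucketed plus unscored records account for every entry. On this page the four buckets sum to 11,015 against a total of 11,681, so 666 records fall outside them; the last line of the script reproduces that arithmetic. The record layout (CveRecord, in_kev, has_exploit) is an assumption, the sample IDs are placeholders, and "KEV" is read as CISA's Known Exploited Vulnerabilities catalogue.

```python
"""Dashboard-style CVE summary (added example; all records below are constructed)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CveRecord:
    cve_id: str
    cvss: Optional[float]                  # CVSS v3 base score, None if unscored
    products: List[str] = field(default_factory=list)
    in_kev: bool = False                   # listed in CISA's KEV catalogue (assumed field)
    has_exploit: bool = False              # a public exploit is known (assumed field)


def severity_bucket(score: Optional[float]) -> Optional[str]:
    """CVSS v3.x qualitative rating scale; a missing score or 0.0 gets no bucket."""
    if score is None or score <= 0.0:
        return None
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def percent(part: int, whole: int) -> float:
    """Percentage rounded to one decimal, as the page prints it (e.g. 14.1)."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def bucket_gap(total: int, by_severity: Dict[str, int]) -> int:
    """Records not covered by any severity bucket (total minus the bucket sum)."""
    return total - sum(by_severity.values())


def summarize(records: List[CveRecord], top_n: int = 8) -> dict:
    buckets: Counter = Counter()
    products: Counter = Counter()
    unscored = kev = exploit = 0
    for r in records:
        b = severity_bucket(r.cvss)
        if b is None:
            unscored += 1
        else:
            buckets[b] += 1
        for p in set(r.products):          # count a product once per CVE
            products[p] += 1
        kev += int(r.in_kev)
        exploit += int(r.has_exploit)
    total = len(records)
    by_severity = {k: buckets[k] for k in ("critical", "high", "medium", "low")}
    # consistency check: every record is either bucketed or unscored, never lost
    assert bucket_gap(total, by_severity) == unscored
    top = sorted(products.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
    return {
        "total": total,
        "by_severity": by_severity,
        "unscored": unscored,
        "pct_critical": percent(by_severity["critical"], total),
        "pct_kev": percent(kev, total),
        "pct_exploit": percent(exploit, total),
        "top_products": top,
    }


# Constructed sample records; IDs are placeholders, not real CVE identifiers.
SAMPLE_RECORDS = [
    CveRecord("SAMPLE-0001", 9.8, ["imagemagick"], in_kev=True, has_exploit=True),
    CveRecord("SAMPLE-0002", 8.1, ["tomcat"], has_exploit=True),
    CveRecord("SAMPLE-0003", 7.0, ["tomcat", "joomla"]),
    CveRecord("SAMPLE-0004", 6.9, ["joomla"]),
    CveRecord("SAMPLE-0005", 4.0, ["ntp"]),
    CveRecord("SAMPLE-0006", 3.9, ["ntp"]),
    CveRecord("SAMPLE-0007", None, []),            # reserved/rejected entry: no score
    CveRecord("SAMPLE-0008", 9.0, ["imagemagick"], has_exploit=True),
    CveRecord("SAMPLE-0009", 0.0, ["kanboard"]),   # scored 0.0: CVSS severity "None"
    CveRecord("SAMPLE-0010", 5.5, ["imagemagick"]),
]

if __name__ == "__main__":
    s = summarize(SAMPLE_RECORDS)
    print(f"Total: {s['total']:,}")
    for k, v in s["by_severity"].items():
        print(f"{k}: {v:,}")
    print(f"unscored: {s['unscored']}")
    print(f"% Critical: {s['pct_critical']}%  % with KEV: {s['pct_kev']}%  "
          f"% with exploit: {s['pct_exploit']}%")
    for p, n in s["top_products"]:
        print(f"- {p} {n:,}")
    # the page's own figures: 11,681 total against four buckets summing to 11,015
    page_buckets = {"critical": 1_647, "high": 5_041, "medium": 4_168, "low": 159}
    print("records outside the page's severity buckets:", bucket_gap(11_681, page_buckets))
```

The bucket thresholds are inclusive at the low end (7.0 is high, 9.0 is critical), which matters when a feed rounds scores; the consistency assertion is what catches a feed that silently drops entries with no CVSS score from the buckets but still counts them in the total.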
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3327 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,… | |||
| CVE-2017-3326 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.… | |||
| CVE-2017-3325 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated at… | |||
| CVE-2017-3303 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1… | |||
| CVE-2017-3287 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.… | |||
| CVE-2017-3285 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3284 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2017-3279 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitabl… | |||
| CVE-2017-3278 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vuln… | |||
| CVE-2017-3275 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 a… | |||
| CVE-2017-3274 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 a… | |||
| CVE-2017-17920 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes th… | |||
| CVE-2017-17919 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes t… | |||
| CVE-2017-17917 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this i… | |||
| CVE-2017-17916 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes th… | |||
| CVE-2017-16897 | high | 8.1 | 8.1 | 9y ago | passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token | |||
| CVE-2017-13878 | high | 7.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read res… | |||
| CVE-2017-6164 | high | 8.1 | 8.1 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4… | |||
| CVE-2017-1694 | high | 8.1 | 8.1 | 9y ago | IBM Integration Bus 9.0 and 10.0 transmit user credentials in clear text, which can be read by an attacker using man-in-the-middle techniques. IBM X-Force ID: 134165. | |||
| CVE-2017-3194 | high | 8.1 | 8.1 | 9y ago | Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | |||
| CVE-2017-16776 | high | 8.1 | 8.1 | 9y ago | Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change He… | |||
| CVE-2017-7344 | high | 8.1 | 8.1 | 9y ago | A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when … | |||
| CVE-2017-5530 | high | 8.1 | 8.1 | 9y ago | The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate thei… | |||
| CVE-2017-11932 | high | 8.1 | 8.1 | 9y ago | Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofi… | |||
| CVE-2017-17426 | high | 8.1 | 8.1 | 9y ago | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potential… | |||
| CVE-2017-8823 | high | 8.1 | 8.1 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point e… | |||
| CVE-2017-15055 | high | 8.1 | 8.1 | 9y ago | TeamPass Improper Privilege Management | |||
| CVE-2017-15114 | high | 8.1 | 8.1 | 9y ago | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authenticati… | |||
| CVE-2017-8028 | high | 8.1 | 8.1 | 9y ago | Improper Authentication in Pivotal Spring-LDAP | |||
| CVE-2017-4995 | high | 8.1 | 8.1 | 9y ago | Deserialization of Untrusted Data in Spring Security | |||
| CVE-2017-15098 | high | 8.1 | 8.1 | 9y ago | Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can cr… | |||
| CVE-2017-16871 | high | 8.1 | 8.1 | 9y ago | The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before del… | |||
| CVE-2017-16870 | high | 8.1 | 8.1 | 9y ago | The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that… | |||
| CVE-2017-1000241 | high | 8.1 | 8.1 | 9y ago | The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view an… | |||
| CVE-2017-16853 | high | 8.1 | 8.1 | 9y ago | The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and… | |||
| CVE-2017-16852 | high | 8.1 | 8.1 | 9y ago | shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and d… | |||
| CVE-2017-1477 | high | 8.1 | 8.1 | 9y ago | IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensit… | |||
| CVE-2017-14711 | high | 8.1 | 8.1 | 9y ago | The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passw… | |||
| CVE-2017-2914 | high | 8.1 | 8.1 | 9y ago | An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid b… | |||
| CVE-2017-2883 | high | 8.1 | 8.1 | 9y ago | An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code… | |||
| CVE-2017-2882 | high | 8.1 | 8.1 | 9y ago | An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive fil… | |||
| CVE-2017-0904 | high | 8.1 | 8.1 | 9y ago | private_address_check vulnerable to bypass of Resolv.getaddresses method | |||
| CVE-2017-6331 | high | 7.1 | 8.1 | 9y ago | Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that … | |||
| CVE-2017-1000134 | high | 8.1 | 8.1 | 9y ago | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group mem… | |||
| CVE-2017-12276 | high | 8.1 | 8.1 | 9y ago | A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confiden… | |||
| CVE-2017-10873 | high | 8.1 | 8.1 | 9y ago | OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) im… | |||
| CVE-2017-1000256 | high | 8.1 | 8.1 | 9y ago | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||
| CVE-2017-6157 | high | 8.1 | 8.1 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration … | |||
| CVE-2017-14332 | high | 8.1 | 8.1 | 9y ago | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | |||
| CVE-2017-13127 | high | 8.1 | 8.1 | 9y ago | The VIP.com application for iOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack. | |||
| CVE-2017-10364 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.54, 8.55 and 8.56. … | |||
| CVE-2017-10309 | high | 7.1 | 8.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic… | |||
| CVE-2017-8022 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability… | |||
| CVE-2017-13083 | high | 8.1 | 8.1 | 9y ago | Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | |||
| CVE-2017-3760 | high | 8.1 | 8.1 | 9y ago | The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man… | |||
| CVE-2017-3759 | high | 8.1 | 8.1 | 9y ago | The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote… | |||
| CVE-2017-13082 | high | 8.1 | 8.1 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the Fast BSS Transition (FT) handshake, allowing … | |||
| CVE-2017-10623 | high | 8.1 | 8.1 | 9y ago | Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operati… | |||
| CVE-2017-11779 | high | 8.1 | 8.1 | 9y ago | The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a rem… | |||
| CVE-2017-13992 | high | 8.1 | 8.1 | 9y ago | An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication me… | |||
| CVE-2017-15037 | high | 8.1 | 8.1 | 9y ago | In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' cha… | |||
| CVE-2017-13989 | high | 8.1 | 8.1 | 9y ago | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage i… | |||
| CVE-2017-1527 | high | 8.1 | 8.1 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen… | |||
| CVE-2017-14743 | high | 8.1 | 8.1 | 9y ago | Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | |||
| CVE-2017-14705 | high | 8.1 | 8.1 | 9y ago | DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webser… | |||
| CVE-2017-14650 | high | 8.1 | 8.1 | 9y ago | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde appli… | |||
| CVE-2017-14246 | high | 8.1 | 8.1 | 9y ago | An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-… | |||
| CVE-2017-14245 | high | 8.1 | 8.1 | 9y ago | An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-… | |||
| CVE-2017-14623 | high | 8.1 | 8.1 | 9y ago | In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to log in with an empty password. This issue affects an application using this package if these conditions are met: (… | |||
| CVE-2017-14607 | high | 8.1 | 8.1 | 9y ago | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memo… | |||
| CVE-2017-14418 | high | 8.1 | 8.1 | 9y ago | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction … | |||
| CVE-2017-0161 | high | 8.1 | 8.1 | 9y ago | The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 170… | |||
| CVE-2017-14337 | high | 8.1 | 8.1 | 9y ago | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate… | |||
| CVE-2017-14263 | high | 8.1 | 8.1 | 9y ago | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userMana… | |||
| CVE-2017-14262 | high | 8.1 | 8.1 | 9y ago | On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUs… | |||
| CVE-2017-1458 | high | 8.1 | 8.1 | 9y ago | IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informat… | |||
| CVE-2017-14116 | high | 8.1 | 8.1 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, … | |||
| CVE-2017-14115 | high | 8.1 | 8.1 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5S… | |||
| CVE-2017-10793 | high | 8.1 | 8.1 | 9y ago | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bd… | |||
| CVE-2017-14032 | high | 8.1 | 8.1 | 9y ago | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates… | |||
| CVE-2017-0902 | high | 8.1 | 8.1 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… | |||
| CVE-2017-9685 | high | 8.1 | 8.1 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | |||
| CVE-2017-6710 | high | 8.1 | 8.1 | 9y ago | A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the… | |||
| CVE-2017-8620 | high | 8.1 | 8.1 | 9y ago | Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |||
| CVE-2017-10177 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10078 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at… | |||
| CVE-2017-9940 | high | 8.1 | 8.1 | 9y ago | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file sy… | |||
| CVE-2017-12581 | high | 8.1 | 8.1 | 9y ago | Electron vulnerable to remote command execution | |||
| CVE-2017-9857 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet inje… | |||
| CVE-2017-10815 | high | 8.1 | 8.1 | 9y ago | MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authenticat… | |||
| CVE-2017-1467 | high | 8.1 | 8.1 | 9y ago | A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466. | |||
| CVE-2017-11130 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In … | |||
| CVE-2017-11667 | high | 8.1 | 8.1 | 9y ago | OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | |||
| CVE-2017-9765 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denia… | |||
| CVE-2017-2342 | high | 8.1 | 8.1 | 9y ago | MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This… | |||
| CVE-2017-11318 | high | 8.1 | 8.1 | 9y ago | Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abu… | |||
| CVE-2017-1000071 | high | 8.1 | 8.1 | 9y ago | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. | |||
| CVE-2017-1000053 | high | 8.1 | 8.1 | 9y ago | Arbitrary Code Execution in Cookie Serialization | |||
| CVE-2017-1000034 | high | 8.1 | 8.1 | 9y ago | Akka Java Serialization vulnerability | |||
| CVE-2017-0152 | high | 8.1 | 8.1 | 9y ago | A remote code execution vulnerability exists in the way the affected Microsoft scripting engines render objects in memory in Microsoft browsers. The vulnerability could corrupt memory in suc… | |||