CVEs from 2017
- Total: 11,681
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

(The four severity buckets sum to 11,015, so 666 of the 11,681 entries carry no severity rating in this listing.)
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11103 | high | 8.1 | 8.1 | 9y ago | Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. … | |||
| CVE-2017-8565 | high | 8.1 | 8.1 | 9y ago | Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8563 | high | 8.1 | 8.1 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation… | |||
| CVE-2017-1337 | high | 8.1 | 8.1 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | |||
| CVE-2017-6868 | high | 8.1 | 8.1 | 9y ago | An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the C… | |||
| CVE-2017-10914 | high | 8.1 | 8.1 | 9y ago | The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive… | |||
| CVE-2017-8894 | high | 8.1 | 8.1 | 9y ago | AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine. | |||
| CVE-2017-8613 | high | 8.1 | 8.1 | 9y ago | Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "A… | |||
| CVE-2017-0176 | high | 8.1 | 8.1 | 9y ago | A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target comp… | |||
| CVE-2017-4963 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier … | |||
| CVE-2017-7563 | high | 8.1 | 8.1 | 9y ago | In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency i… | |||
| CVE-2017-2824 | high | 8.1 | 8.1 | 9y ago | An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote co… | |||
| CVE-2017-0272 | high | 8.1 | 8.1 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 15… | |||
| CVE-2017-8899 | high | 8.1 | 8.1 | 9y ago | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered b… | |||
| CVE-2017-1137 | high | 8.1 | 8.1 | 9y ago | IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access … | |||
| CVE-2017-1103 | high | 8.1 | 8.1 | 9y ago | IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to exp… | |||
| CVE-2017-8059 | high | 8.1 | 8.1 | 9y ago | Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently … | |||
| CVE-2017-8342 | high | 8.1 | 8.1 | 9y ago | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | |||
| CVE-2017-8288 | high | 8.1 | 8.1 | 9y ago | gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch application… | |||
| CVE-2017-1149 | high | 8.1 | 8.1 | 9y ago | IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit thi… | |||
| CVE-2017-5035 | high | 8.1 | 8.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3602 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3601 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerabil… | |||
| CVE-2017-3583 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-3554 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-3472 | high | 8.1 | 8.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Supported versions that are affected are 2.0.0, 2.0.1, 2… | |||
| CVE-2017-8099 | high | 8.1 | 8.1 | 9y ago | There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | |||
| CVE-2017-2784 | high | 8.1 | 8.1 | 9y ago | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 cert… | |||
| CVE-2017-0166 | high | 8.1 | 8.1 | 9y ago | An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by runn… | |||
| CVE-2017-7648 | high | 8.1 | 8.1 | 9y ago | Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn… | |||
| CVE-2017-7572 | high | 8.1 | 8.1 | 9y ago | The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condi… | |||
| CVE-2017-3204 | high | 8.1 | 8.1 | 9y ago | The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey … | |||
| CVE-2017-2389 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP … | |||
| CVE-2017-7323 | high | 8.1 | 8.1 | 9y ago | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger… | |||
| CVE-2017-7322 | high | 8.1 | 8.1 | 9y ago | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve… | |||
| CVE-2017-6957 | high | 8.1 | 8.1 | 9y ago | Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to … | |||
| CVE-2017-3852 | high | 8.1 | 8.1 | 9y ago | A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in… | |||
| CVE-2017-1151 | high | 8.1 | 8.1 | 9y ago | IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the syste… | |||
| CVE-2017-0104 | high | 8.1 | 8.1 | 9y ago | The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overfl… | |||
| CVE-2017-6949 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsani… | |||
| CVE-2017-6381 | high | 8.1 | 8.1 | 9y ago | Drupal Remote code execution | |||
| CVE-2017-6466 | high | 8.1 | 8.1 | 9y ago | F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-… | |||
| CVE-2017-6432 | high | 8.1 | 8.1 | 9y ago | An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Ma… | |||
| CVE-2017-6445 | high | 8.1 | 8.1 | 9y ago | The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipu… | |||
| CVE-2017-6343 | high | 8.1 | 8.1 | 9y ago | The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attac… | |||
| CVE-2017-3837 | high | 8.1 | 8.1 | 9y ago | An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve me… | |||
| CVE-2017-3263 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, … | |||
| CVE-2017-5556 | high | 8.1 | 8.1 | 10y ago | The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and a… | |||
| CVE-2017-5554 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attac… | |||
| CVE-2017-5480 | high | 8.1 | 8.1 | 10y ago | Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to prov… | |||
| CVE-2017-12176 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-3142 | high | — | 8.0 | — | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a… | |||
| CVE-2017-3145 | high | — | 8.0 | — | BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affec… | |||
| CVE-2017-15132 | high | — | 8.0 | — | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performa… | |||
| CVE-2017-12178 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-12627 | high | — | 8.0 | — | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | |||
| CVE-2017-3143 | high | — | 8.0 | — | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BI… | |||
| CVE-2017-5428 | high | — | 8.0 | — | An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This functio… | |||
| CVE-2017-12183 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-7526 | high | — | 8.0 | — | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion… | |||
| CVE-2017-3138 | high | — | 8.0 | — | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regressi… | |||
| CVE-2017-3137 | high | — | 8.0 | — | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion… | |||
| CVE-2017-3136 | high | — | 8.0 | — | A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-s… | |||
| CVE-2017-15130 | high | — | 8.0 | — | A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and th… | |||
| CVE-2017-0369 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | |||
| CVE-2017-18021 | high | — | 8.0 | — | It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI. | |||
| CVE-2017-0365 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | |||
| CVE-2017-12177 | high | — | 8.0 | — | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-0367 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | |||
| CVE-2017-0368 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | |||
| CVE-2017-0361 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | |||
| CVE-2017-0364 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | |||
| CVE-2017-14461 | high | — | 8.0 | — | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order… | |||
| CVE-2017-15429 | high | — | 8.0 | — | cross-site scripting in chromium | |||
| CVE-2017-0366 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. | |||
| CVE-2017-0362 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | |||
| CVE-2017-0363 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | |||
| CVE-2017-18201 | high | — | 8.0 | — | An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | |||
| CVE-2017-17858 | high | — | 8.0 | — | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because x… | |||
| CVE-2017-18013 | high | — | 8.0 | — | In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. | |||
| CVE-2017-3135 | high | — | 8.0 | — | Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to rea… | |||
| CVE-2017-0370 | high | — | 8.0 | — | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | |||
| CVE-2017-1000356 | high | — | 8.0 | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2017-1000355 | high | — | 8.0 | 4y ago | Deserialization of Untrusted Data in Jenkins | |||
| CVE-2017-1000354 | high | — | 8.0 | 4y ago | Improper Authentication in Jenkins | |||
| CVE-2017-18922 | high | — | 8.0 | 6y ago | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket fr… | |||
| CVE-2017-18342 | high | — | 8.0 | 8y ago | In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced f… | |||
| CVE-2017-5263 | high | 8.0 | 8.0 | 9y ago | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session token… | |||
| CVE-2017-1635 | high | 8.0 | 8.0 | 9y ago | IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute… | |||
| CVE-2017-1000405 | high | 7.0 | 8.0 | 9y ago | The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc… | |||
| CVE-2017-8193 | high | 8.0 | 8.0 | 9y ago | The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnera… | |||
| CVE-2017-2714 | high | 8.0 | 8.0 | 9y ago | The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitr… | |||
| CVE-2017-16674 | high | 8.0 | 8.0 | 9y ago | Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command … | |||
| CVE-2017-2915 | high | 8.0 | 8.0 | 9y ago | An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell comm… | |||
| CVE-2017-16563 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | |||
| CVE-2017-1000139 | high | 8.0 | 8.0 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked a… | |||
| CVE-2017-15884 | high | 7.0 | 8.0 | 9y ago | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||
| CVE-2017-5074 | high | 8.0 | 8.0 | 9y ago | multiple issues in chromium | |||
| CVE-2017-10403 | high | 8.0 | 8.0 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficul… | |||
| CVE-2017-10612 | high | 8.0 | 8.0 | 9y ago | A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal informat… |