CVEs from 2017
- Total: 11,681
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2152 | medium | 6.8 | 6.8 | 9y ago | WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-3485 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-6975 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from… | |||
| CVE-2017-7307 | medium | 6.8 | 6.8 | 9y ago | Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by… | |||
| CVE-2017-3824 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of… | |||
| CVE-2017-3812 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a de… | |||
| CVE-2017-14380 | medium | 6.7 | 6.7 | 9y ago | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_… | |||
| CVE-2017-15870 | medium | 6.7 | 6.7 | 9y ago | Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | |||
| CVE-2017-12352 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated pri… | |||
| CVE-2017-12341 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to… | |||
| CVE-2017-12334 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to… | |||
| CVE-2017-12333 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX… | |||
| CVE-2017-12331 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX… | |||
| CVE-2017-8190 | medium | 6.7 | 6.7 | 9y ago | FusionSphere OpenStack V100R006C00SPC102 (NFV) has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high pri… | |||
| CVE-2017-2723 | medium | 6.7 | 6.7 | 9y ago | The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system c… | |||
| CVE-2017-12172 | medium | 6.7 | 6.7 | 9y ago | PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database su… | |||
| CVE-2017-12313 | medium | 6.7 | 6.7 | 9y ago | An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking i… | |||
| CVE-2017-12312 | medium | 6.7 | 6.7 | 9y ago | An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a lo… | |||
| CVE-2017-12305 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability i… | |||
| CVE-2017-14331 | medium | 6.7 | 6.7 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell. | |||
| CVE-2017-14330 | medium | 6.7 | 6.7 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | |||
| CVE-2017-14329 | medium | 6.7 | 6.7 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | |||
| CVE-2017-12317 | medium | 6.7 | 6.7 | 9y ago | The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static … | |||
| CVE-2017-15651 | medium | 6.7 | 6.7 | 9y ago | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. | |||
| CVE-2017-14019 | medium | 6.7 | 6.7 | 9y ago | An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authori… | |||
| CVE-2017-12301 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying opera… | |||
| CVE-2017-14956 | medium | 5.7 | 6.7 | 9y ago | AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local d… | |||
| CVE-2017-3763 | medium | 6.7 | 6.7 | 9y ago | An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | |||
| CVE-2017-12255 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands enter… | |||
| CVE-2017-1508 | medium | 6.7 | 6.7 | 9y ago | IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. | |||
| CVE-2017-1439 | medium | 6.7 | 6.7 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | |||
| CVE-2017-1438 | medium | 6.7 | 6.7 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. | |||
| CVE-2017-6796 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrar… | |||
| CVE-2017-6794 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker m… | |||
| CVE-2017-6773 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions a… | |||
| CVE-2017-10235 | medium | 6.7 | 6.7 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10004 | medium | 6.7 | 6.7 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high pr… | |||
| CVE-2017-6748 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must… | |||
| CVE-2017-9457 | medium | 6.7 | 6.7 | 9y ago | Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrat… | |||
| CVE-2017-3754 | medium | 6.7 | 6.7 | 9y ago | Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to… | |||
| CVE-2017-6735 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Informatio… | |||
| CVE-2017-6732 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd4734… | |||
| CVE-2017-6719 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection… | |||
| CVE-2017-6718 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.… | |||
| CVE-2017-9525 | medium | 6.7 | 6.7 | 9y ago | In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks aga… | |||
| CVE-2017-8083 | medium | 6.7 | 6.7 | 9y ago | CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a … | |||
| CVE-2017-5688 | medium | 6.7 | 6.7 | 9y ago | There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. | |||
| CVE-2017-5965 | medium | 6.7 | 6.7 | 9y ago | The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, v… | |||
| CVE-2017-0244 | medium | 6.7 | 6.7 | 9y ago | The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause d… | |||
| CVE-2017-4983 | medium | 6.7 | 6.7 | 9y ago | EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected … | |||
| CVE-2017-5873 | medium | 6.7 | 6.7 | 9y ago | Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, … | |||
| CVE-2017-6598 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security … | |||
| CVE-2017-6417 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and ear… | |||
| CVE-2017-6186 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-pro… | |||
| CVE-2017-5567 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker… | |||
| CVE-2017-5566 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protectio… | |||
| CVE-2017-5565 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a s… | |||
| CVE-2017-3312 | medium | 6.7 | 6.7 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-5753 | medium | 5.6 | 6.6 | 9y ago | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||
| CVE-2017-17558 | medium | 6.6 | 6.6 | 9y ago | The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces … | |||
| CVE-2017-16650 | medium | 6.6 | 6.6 | 9y ago | The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have u… | |||
| CVE-2017-16649 | medium | 6.6 | 6.6 | 9y ago | The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or poss… | |||
| CVE-2017-16648 | medium | 6.6 | 6.6 | 9y ago | The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possib… | |||
| CVE-2017-16647 | medium | 6.6 | 6.6 | 9y ago | drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impac… | |||
| CVE-2017-16646 | medium | 6.6 | 6.6 | 9y ago | drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a … | |||
| CVE-2017-16645 | medium | 6.6 | 6.6 | 9y ago | The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read … | |||
| CVE-2017-16644 | medium | 6.6 | 6.6 | 9y ago | The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or poss… | |||
| CVE-2017-16643 | medium | 6.6 | 6.6 | 9y ago | The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or pos… | |||
| CVE-2017-12084 | medium | 6.6 | 6.6 | 9y ago | A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulti… | |||
| CVE-2017-16538 | medium | 6.6 | 6.6 | 9y ago | drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified oth… | |||
| CVE-2017-16537 | medium | 6.6 | 6.6 | 9y ago | The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have uns… | |||
| CVE-2017-16536 | medium | 6.6 | 6.6 | 9y ago | The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system cr… | |||
| CVE-2017-16535 | medium | 6.6 | 6.6 | 9y ago | The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly h… | |||
| CVE-2017-16533 | medium | 6.6 | 6.6 | 9y ago | The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have uns… | |||
| CVE-2017-16532 | medium | 6.6 | 6.6 | 9y ago | The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly ha… | |||
| CVE-2017-16531 | medium | 6.6 | 6.6 | 9y ago | drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a craft… | |||
| CVE-2017-16530 | medium | 6.6 | 6.6 | 9y ago | The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB devi… | |||
| CVE-2017-16529 | medium | 6.6 | 6.6 | 9y ago | The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspec… | |||
| CVE-2017-16528 | medium | 6.6 | 6.6 | 9y ago | sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other… | |||
| CVE-2017-16527 | medium | 6.6 | 6.6 | 9y ago | sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact… | |||
| CVE-2017-16525 | medium | 6.6 | 6.6 | 9y ago | The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possi… | |||
| CVE-2017-9647 | medium | 6.6 | 6.6 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles… | |||
| CVE-2017-8034 | medium | 6.6 | 6.6 | 9y ago | The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issue… | |||
| CVE-2017-8032 | medium | 6.6 | 6.6 | 9y ago | Cloud Foundry UAA Identity Zone Admin Privilege Escalation | |||
| CVE-2017-6325 | medium | 6.6 | 6.6 | 9y ago | The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time.… | |||
| CVE-2017-7907 | medium | 6.6 | 6.6 | 9y ago | An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XM… | |||
| CVE-2017-3600 | medium | 6.6 | 6.6 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. D… | |||
| CVE-2017-3551 | medium | 6.6 | 6.6 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily "exploitable" vulnerability all… | |||
| CVE-2017-7273 | medium | 6.6 | 6.6 | 9y ago | The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possib… | |||
| CVE-2017-6911 | medium | 6.6 | 6.6 | 9y ago | USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify … | |||
| CVE-2017-5623 | medium | 6.6 | 6.6 | 9y ago | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' i… | |||
| CVE-2017-5634 | medium | 6.6 | 6.6 | 9y ago | The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative priv… | |||
| CVE-2017-0372 | medium | — | 6.5 | — | Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | |||
| CVE-2017-20199 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in… | |||
| CVE-2017-14136 | medium | 6.5 | 6.5 | 5y ago | OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability e… | |||
| CVE-2017-17910 | medium | 6.5 | 6.5 | 9y ago | On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur tran… | |||
| CVE-2017-17760 | medium | 6.5 | 6.5 | 9y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV | |||
| CVE-2017-15886 | medium | 6.5 | 6.5 | 9y ago | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | |||
| CVE-2017-10910 | medium | 6.5 | 6.5 | 9y ago | MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. | |||
| CVE-2017-9608 | medium | 6.5 | 6.5 | 9y ago | The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. |