CVEs from 2017

- Total: 11,679
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435

| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-11528 | medium | 6.5 | 6.5 | 9y ago | The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11527 | medium | 6.5 | 6.5 | 9y ago | The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-11526 | medium | 6.5 | 6.5 | 9y ago | The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted f… | |||
| CVE-2017-11525 | medium | 6.5 | 6.5 | 9y ago | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-11524 | medium | 6.5 | 6.5 | 9y ago | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a c… | |||
| CVE-2017-11523 | medium | 6.5 | 6.5 | 9y ago | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the e… | |||
| CVE-2017-11522 | medium | 6.5 | 6.5 | 9y ago | The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-1374 | medium | 6.5 | 6.5 | 9y ago | Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | |||
| CVE-2017-11505 | medium | 6.5 | 6.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malform… | |||
| CVE-2017-7064 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7060 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to c… | |||
| CVE-2017-7011 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the … | |||
| CVE-2017-2517 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2017-11478 | medium | 6.5 | 6.5 | 9y ago | The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ma… | |||
| CVE-2017-1219 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information … | |||
| CVE-2017-11448 | medium | 6.5 | 6.5 | 9y ago | The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||
| CVE-2017-11447 | medium | 6.5 | 6.5 | 9y ago | The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | |||
| CVE-2017-11446 | medium | 6.5 | 6.5 | 9y ago | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | |||
| CVE-2017-9340 | medium | 6.5 | 6.5 | 9y ago | An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | |||
| CVE-2017-7947 | medium | 6.5 | 6.5 | 9y ago | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on … | |||
| CVE-2017-7532 | medium | 6.5 | 6.5 | 9y ago | Moodle Improper Privilege Management | |||
| CVE-2017-2642 | medium | 6.5 | 6.5 | 9y ago | Moodle User fullname disclosure on user preferences page | |||
| CVE-2017-3100 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address di… | |||
| CVE-2017-3080 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosur… | |||
| CVE-2017-2240 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |||
| CVE-2017-11360 | medium | 6.5 | 6.5 | 9y ago | The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | |||
| CVE-2017-11352 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-91… | |||
| CVE-2017-11340 | medium | 6.5 | 6.5 | 9y ago | There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11339 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11338 | medium | 6.5 | 6.5 | 9y ago | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11337 | medium | 6.5 | 6.5 | 9y ago | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11336 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-0196 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Inform… | |||
| CVE-2017-1308 | medium | 6.5 | 6.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force … | |||
| CVE-2017-1285 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.… | |||
| CVE-2017-11189 | medium | 6.5 | 6.5 | 9y ago | unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code … | |||
| CVE-2017-8611 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerabil… | |||
| CVE-2017-8602 | medium | 6.5 | 6.5 | 9y ago | Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8599 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security… | |||
| CVE-2017-8592 | medium | 6.5 | 6.5 | 9y ago | Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server … | |||
| CVE-2017-8587 | medium | 6.5 | 6.5 | 9y ago | Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability whe… | |||
| CVE-2017-8564 | medium | 5.5 | 6.5 | 9y ago | Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server … | |||
| CVE-2017-0170 | medium | 6.5 | 6.5 | 9y ago | Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2… | |||
| CVE-2017-11166 | medium | 6.5 | 6.5 | 9y ago | The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the heade… | |||
| CVE-2017-11141 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageEx… | |||
| CVE-2017-8442 | medium | 6.5 | 6.5 | 9y ago | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL k… | |||
| CVE-2017-7950 | medium | 5.5 | 6.5 | 9y ago | Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. | |||
| CVE-2017-4999 | medium | 6.5 | 6.5 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… | |||
| CVE-2017-10973 | medium | 6.5 | 6.5 | 9y ago | In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | |||
| CVE-2017-1236 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 | |||
| CVE-2017-10972 | medium | 6.5 | 6.5 | 9y ago | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X serve… | |||
| CVE-2017-8420 | medium | 6.5 | 6.5 | 9y ago | SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malforme… | |||
| CVE-2017-1258 | medium | 6.5 | 6.5 | 9y ago | IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | |||
| CVE-2017-10923 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. | |||
| CVE-2017-10919 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. | |||
| CVE-2017-10911 | medium | 6.5 | 6.5 | 9y ago | The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memor… | |||
| CVE-2017-6704 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attack… | |||
| CVE-2017-10796 | medium | 6.5 | 6.5 | 9y ago | On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | |||
| CVE-2017-10792 | medium | 6.5 | 6.5 | 9y ago | There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert … | |||
| CVE-2017-10791 | medium | 6.5 | 6.5 | 9y ago | There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SP… | |||
| CVE-2017-2298 | medium | 6.5 | 6.5 | 9y ago | The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an … | |||
| CVE-2017-8443 | medium | 6.5 | 6.5 | 9y ago | In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters crede… | |||
| CVE-2017-10669 | medium | 6.5 | 6.5 | 9y ago | Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages mus… | |||
| CVE-2017-6036 | medium | 6.5 | 6.5 | 9y ago | A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently veri… | |||
| CVE-2017-6030 | medium | 6.5 | 6.5 | 9y ago | A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior … | |||
| CVE-2017-5529 | medium | 6.5 | 6.5 | 9y ago | JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affec… | |||
| CVE-2017-1310 | medium | 6.5 | 6.5 | 9y ago | IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts … | |||
| CVE-2017-9998 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | |||
| CVE-2017-9989 | medium | 6.5 | 6.5 | 9y ago | util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | |||
| CVE-2017-9988 | medium | 6.5 | 6.5 | 9y ago | The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |||
| CVE-2017-7522 | medium | 6.5 | 6.5 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | |||
| CVE-2017-9937 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. | |||
| CVE-2017-9869 | medium | 5.5 | 6.5 | 9y ago | The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application cr… | |||
| CVE-2017-1193 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||
| CVE-2017-1131 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | |||
| CVE-2017-9775 | medium | 6.5 | 6.5 | 9y ago | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||
| CVE-2017-9815 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function … | |||
| CVE-2017-2829 | medium | 6.5 | 6.5 | 9y ago | An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request… | |||
| CVE-2017-9130 | medium | 5.5 | 6.5 | 9y ago | The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted… | |||
| CVE-2017-9129 | medium | 5.5 | 6.5 | 9y ago | The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file. | |||
| CVE-2017-3744 | medium | 6.5 | 6.5 | 9y ago | In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated… | |||
| CVE-2017-8545 | medium | 6.5 | 6.5 | 9y ago | A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". | |||
| CVE-2017-8534 | medium | 6.5 | 6.5 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-8533 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-8532 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-8531 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2… | |||
| CVE-2017-8529 | medium | 6.5 | 6.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's compu… | |||
| CVE-2017-8469 | medium | 5.5 | 6.5 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an… | |||
| CVE-2017-9463 | medium | 6.5 | 6.5 | 9y ago | The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context … | |||
| CVE-2017-5697 | medium | 6.5 | 6.5 | 9y ago | Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remot… | |||
| CVE-2017-6697 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. … | |||
| CVE-2017-6691 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd2940… | |||
| CVE-2017-6673 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More I… | |||
| CVE-2017-6655 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio… | |||
| CVE-2017-4974 | medium | 6.5 | 6.5 | 9y ago | Blind SQL Injection with privileged Cloud Foundry UAA endpoints | |||
| CVE-2017-8834 | medium | 6.5 | 6.5 | 9y ago | The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | |||
| CVE-2017-2165 | medium | 6.5 | 6.5 | 9y ago | GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | |||
| CVE-2017-4905 | medium | 5.5 | 6.5 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch … | |||
| CVE-2017-9501 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9500 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. |