CVEs from 2017
- Total: 11,665
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2090 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-8219 | medium | 6.5 | 6.5 | 9y ago | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||
| CVE-2017-7989 | medium | 6.5 | 6.5 | 9y ago | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||
| CVE-2017-3592 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Payables component of Oracle E-Business Suite (subcomponent: Self Service Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5… | |||
| CVE-2017-3577 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). The supported version that is affected is 9.2. Easily "exploitable" … | |||
| CVE-2017-3571 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily "exploitable" vuln… | |||
| CVE-2017-3570 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eSettlements). The supported version that is affected is 9.1. Easily "exploitable" vulnerability… | |||
| CVE-2017-3568 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing and Login). Supported versions that are affected are 5.4.0… | |||
| CVE-2017-3534 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.2, 12.… | |||
| CVE-2017-3525 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM Service Procurement component of Oracle PeopleSoft Products (subcomponent: Usability). The supported version that is affected is 9.2. Easily "exploitabl… | |||
| CVE-2017-3524 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products (subcomponent: Bidder Registration). The supported version that is affected is 9.2. Easily "e… | |||
| CVE-2017-3522 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection component of Oracle PeopleSoft Products (subcomponent: Vendor). The supported version that is affected is 9.2. Easily "exploitable"… | |||
| CVE-2017-3521 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). The supported version that is affected is 9.2. Easily "exploit… | |||
| CVE-2017-3520 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable"… | |||
| CVE-2017-3517 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily "exploitable" vulner… | |||
| CVE-2017-3491 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |||
| CVE-2017-3488 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3… | |||
| CVE-2017-3453 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. … | |||
| CVE-2017-3452 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows l… | |||
| CVE-2017-3331 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low priv… | |||
| CVE-2017-8100 | medium | 6.5 | 6.5 | 9y ago | There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | |||
| CVE-2017-8098 | medium | 6.5 | 6.5 | 9y ago | e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plu… | |||
| CVE-2017-1000358 | medium | 6.5 | 6.5 | 9y ago | Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is af… | |||
| CVE-2017-2333 | medium | 6.5 | 6.5 | 9y ago | A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to… | |||
| CVE-2017-2326 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to … | |||
| CVE-2017-2325 | medium | 6.5 | 6.5 | 9y ago | A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading… | |||
| CVE-2017-2318 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integr… | |||
| CVE-2017-2316 | medium | 6.5 | 6.5 | 9y ago | A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading… | |||
| CVE-2017-2312 | medium | 6.5 | 6.5 | 9y ago | On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for … | |||
| CVE-2017-8082 | medium | 6.5 | 6.5 | 9y ago | concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving … | |||
| CVE-2017-7994 | medium | 6.5 | 6.5 | 9y ago | The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF… | |||
| CVE-2017-6614 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file… | |||
| CVE-2017-4969 | medium | 6.5 | 6.5 | 9y ago | The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | |||
| CVE-2017-7943 | medium | 6.5 | 6.5 | 9y ago | The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7942 | medium | 6.5 | 6.5 | 9y ago | The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7941 | medium | 6.5 | 6.5 | 9y ago | The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7700 | medium | 6.5 | 6.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring… | |||
| CVE-2017-0211 | medium | 5.5 | 6.5 | 9y ago | An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when … | |||
| CVE-2017-0207 | medium | 6.5 | 6.5 | 9y ago | Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2017-0167 | medium | 5.5 | 6.5 | 9y ago | An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory… | |||
| CVE-2017-5672 | medium | 6.5 | 6.5 | 9y ago | Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | |||
| CVE-2017-7646 | medium | 6.5 | 6.5 | 9y ago | SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | |||
| CVE-2017-7606 | medium | 6.5 | 6.5 | 9y ago | coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service … | |||
| CVE-2017-7589 | medium | 6.5 | 6.5 | 9y ago | In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON obj… | |||
| CVE-2017-6603 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted syste… | |||
| CVE-2017-3884 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The att… | |||
| CVE-2017-0886 | medium | 6.5 | 6.5 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the applicat… | |||
| CVE-2017-2671 | medium | 5.5 | 6.5 | 9y ago | The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which al… | |||
| CVE-2017-2489 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from… | |||
| CVE-2017-2486 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the addr… | |||
| CVE-2017-2453 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime… | |||
| CVE-2017-2424 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows r… | |||
| CVE-2017-2418 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the C… | |||
| CVE-2017-2388 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointe… | |||
| CVE-2017-2386 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-7395 | medium | 6.5 | 6.5 | 9y ago | In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. | |||
| CVE-2017-1154 | medium | 6.5 | 6.5 | 9y ago | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: … | |||
| CVE-2017-2686 | medium | 6.5 | 6.5 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informat… | |||
| CVE-2017-1142 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interc… | |||
| CVE-2017-6464 | medium | 6.5 | 6.5 | 9y ago | NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. | |||
| CVE-2017-6463 | medium | 6.5 | 6.5 | 9y ago | NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. | |||
| CVE-2017-3880 | medium | 6.5 | 6.5 | 9y ago | An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More In… | |||
| CVE-2017-3877 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack agains… | |||
| CVE-2017-3811 | medium | 6.5 | 6.5 | 9y ago | An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More In… | |||
| CVE-2017-0060 | medium | 5.5 | 6.5 | 9y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-0045 | medium | 5.5 | 6.5 | 9y ago | Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise … | |||
| CVE-2017-5857 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via … | |||
| CVE-2017-5856 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via Meg… | |||
| CVE-2017-5667 | medium | 6.5 | 6.5 | 9y ago | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) o… | |||
| CVE-2017-5937 | medium | 6.5 | 6.5 | 9y ago | The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference… | |||
| CVE-2017-5579 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU pro… | |||
| CVE-2017-5578 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumptio… | |||
| CVE-2017-5552 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption)… | |||
| CVE-2017-5526 | medium | 6.5 | 6.5 | 9y ago | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number o… | |||
| CVE-2017-5525 | medium | 6.5 | 6.5 | 9y ago | Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of … | |||
| CVE-2017-6505 | medium | 6.5 | 6.5 | 9y ago | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the num… | |||
| CVE-2017-6414 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocatin… | |||
| CVE-2017-6386 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large numb… | |||
| CVE-2017-6317 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involvi… | |||
| CVE-2017-6210 | medium | 6.5 | 6.5 | 9y ago | The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroyin… | |||
| CVE-2017-6209 | medium | 6.5 | 6.5 | 9y ago | Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a den… | |||
| CVE-2017-5993 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a larg… | |||
| CVE-2017-5583 | medium | 6.5 | 6.5 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2017-3899 | medium | 6.5 | 6.5 | 9y ago | SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request paramete… | |||
| CVE-2017-3000 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-6819 | medium | 6.5 | 6.5 | 9y ago | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an … | |||
| CVE-2017-5867 | medium | 6.5 | 6.5 | 9y ago | ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a o… | |||
| CVE-2017-6402 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. | |||
| CVE-2017-0038 | medium | 5.5 | 6.5 | 9y ago | gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windo… | |||
| CVE-2017-2359 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted we… | |||
| CVE-2017-2350 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-5016 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5015 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5013 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5011 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-0310 | medium | 6.5 | 6.5 | 9y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service. | |||
| CVE-2017-2596 | medium | 6.5 | 6.5 | 9y ago | The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service … | |||
| CVE-2017-5880 | medium | 6.5 | 6.5 | 9y ago | Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Ligh… | |||
| CVE-2017-3820 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could a… | |||
| CVE-2017-5572 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. |