CVEs from 2017
Total: 11,665
critical: 1,647
high: 5,041
medium: 4,168
low: 159
% Critical: 14.1%
% with KEV: 0.7%
% with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5632 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the de… | |||
| CVE-2017-3273 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnera… | |||
| CVE-2017-3258 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily… | |||
| CVE-2017-3257 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerabi… | |||
| CVE-2017-3256 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows l… | |||
| CVE-2017-3244 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily… | |||
| CVE-2017-3238 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-1000168 | medium | 6.5 | 6.5 | 10y ago | scalarmult() vulnerable to degenerate public keys | |||
| CVE-2017-5223 | medium | 5.5 | 6.5 | 10y ago | Local file disclosure in PHPMailer | |||
| CVE-2017-2938 | medium | 6.5 | 6.5 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. | |||
| CVE-2017-7549 | medium | 6.4 | 6.4 | 4y ago | A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, wher… | |||
| CVE-2017-6679 | medium | 6.4 | 6.4 | 9y ago | The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in … | |||
| CVE-2017-2728 | medium | 6.4 | 6.4 | 9y ago | Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonat… | |||
| CVE-2017-16819 | medium | 5.4 | 6.4 | 9y ago | A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)… | |||
| CVE-2017-16843 | medium | 5.4 | 6.4 | 9y ago | Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | |||
| CVE-2017-16807 | medium | 5.4 | 6.4 | 9y ago | Kirby XSS Vulnerability | |||
| CVE-2017-16781 | medium | 5.4 | 6.4 | 9y ago | The installer in MyBB before 1.8.13 has XSS. | |||
| CVE-2017-16568 | medium | 5.4 | 6.4 | 9y ago | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, w… | |||
| CVE-2017-16567 | medium | 5.4 | 6.4 | 9y ago | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malic… | |||
| CVE-2017-15727 | medium | 5.4 | 6.4 | 9y ago | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | |||
| CVE-2017-10420 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10418 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vu… | |||
| CVE-2017-10361 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC DRS). The supported version that is affected is 8.0… | |||
| CVE-2017-10358 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). The supported version that is affected is 11.1.2. Easily exploitable vulnerability all… | |||
| CVE-2017-15284 | medium | 5.4 | 6.4 | 9y ago | OctoberCMS Cross-Site Scripting | |||
| CVE-2017-14717 | medium | 5.4 | 6.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | |||
| CVE-2017-14712 | medium | 5.4 | 6.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||
| CVE-2017-3131 | medium | 5.4 | 6.4 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under … | |||
| CVE-2017-12223 | medium | 6.4 | 6.4 | 9y ago | A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device… | |||
| CVE-2017-13754 | medium | 5.4 | 6.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2017-9767 | medium | 5.4 | 6.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter … | |||
| CVE-2017-1190 | medium | 6.4 | 6.4 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an… | |||
| CVE-2017-10224 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Inventory and Count Cycle). Supported versions that are affected are 8.5.1 and… | |||
| CVE-2017-10076 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony First Edition Venue Management component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 3.9. Easil… | |||
| CVE-2017-10046 | medium | 5.4 | 6.4 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-3750 | medium | 6.4 | 6.4 | 9y ago | On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation… | |||
| CVE-2017-3749 | medium | 6.4 | 6.4 | 9y ago | On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in … | |||
| CVE-2017-8550 | medium | 5.4 | 6.4 | 9y ago | A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | |||
| CVE-2017-9516 | medium | 5.4 | 6.4 | 9y ago | Craft CMS XSS Vulnerability | |||
| CVE-2017-7953 | medium | 5.4 | 6.4 | 9y ago | INFOR EAM V11.0 Build 201410 has XSS via comment fields. | |||
| CVE-2017-8831 | medium | 6.4 | 6.4 | 9y ago | The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly hav… | |||
| CVE-2017-3586 | medium | 6.4 | 6.4 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java | |||
| CVE-2017-3528 | medium | 5.4 | 6.4 | 9y ago | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.… | |||
| CVE-2017-6606 | medium | 6.4 | 6.4 | 9y ago | A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operat… | |||
| CVE-2017-0883 | medium | 6.4 | 6.4 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary … | |||
| CVE-2017-6340 | medium | 5.4 | 6.4 | 9y ago | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J… | |||
| CVE-2017-7306 | medium | 6.4 | 6.4 | 9y ago | Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging kn… | |||
| CVE-2017-11906 | medium | 5.3 | 6.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv… | |||
| CVE-2017-12155 | medium | 6.3 | 6.3 | 9y ago | Openstack tripleo-heat-templates unauthenticated file access | |||
| CVE-2017-12335 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation… | |||
| CVE-2017-12330 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation… | |||
| CVE-2017-12329 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vuln… | |||
| CVE-2017-15102 | medium | 6.3 | 6.3 | 9y ago | The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by… | |||
| CVE-2017-15270 | medium | 5.3 | 6.3 | 9y ago | The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface… | |||
| CVE-2017-11830 | medium | 5.3 | 6.3 | 9y ago | Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security f… | |||
| CVE-2017-12278 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resu… | |||
| CVE-2017-5071 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-15223 | medium | 5.3 | 6.3 | 9y ago | Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an in… | |||
| CVE-2017-10393 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerab… | |||
| CVE-2017-10385 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerab… | |||
| CVE-2017-10355 | medium | 5.3 | 6.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em… | |||
| CVE-2017-10163 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, … | |||
| CVE-2017-10153 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1… | |||
| CVE-2017-14085 | medium | 5.3 | 6.3 | 9y ago | Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a… | |||
| CVE-2017-1000091 | medium | 6.3 | 6.3 | 9y ago | Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2017-7553 | medium | 6.3 | 6.3 | 9y ago | The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpo… | |||
| CVE-2017-14124 | medium | 6.3 | 6.3 | 9y ago | In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to… | |||
| CVE-2017-9978 | medium | 5.3 | 6.3 | 9y ago | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this infor… | |||
| CVE-2017-12847 | medium | 6.3 | 6.3 | 9y ago | Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-roo… | |||
| CVE-2017-6786 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affec… | |||
| CVE-2017-7936 | medium | 6.3 | 6.3 | 9y ago | A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus… | |||
| CVE-2017-11438 | medium | 6.3 | 6.3 | 9y ago | GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a … | |||
| CVE-2017-9493 | medium | 6.3 | 6.3 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-t… | |||
| CVE-2017-9554 | medium | 5.3 | 6.3 | 9y ago | An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | |||
| CVE-2017-2241 | medium | 6.3 | 6.3 | 9y ago | SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||
| CVE-2017-3631 | medium | 5.3 | 6.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privilege… | |||
| CVE-2017-3630 | medium | 5.3 | 6.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri… | |||
| CVE-2017-8840 | medium | 5.3 | 6.3 | 9y ago | Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request t… | |||
| CVE-2017-7489 | medium | 6.3 | 6.3 | 9y ago | Moodle External blog editing takeover | |||
| CVE-2017-2100 | medium | 6.3 | 6.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | |||
| CVE-2017-2099 | medium | 6.3 | 6.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | |||
| CVE-2017-5044 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5038 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-6615 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnera… | |||
| CVE-2017-0882 | medium | 6.3 | 6.3 | 9y ago | Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on Mar… | |||
| CVE-2017-6805 | medium | 5.3 | 6.3 | 9y ago | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | |||
| CVE-2017-0061 | medium | 5.3 | 6.3 | 9y ago | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code i… | |||
| CVE-2017-6590 | medium | 6.3 | 6.3 | 9y ago | An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login s… | |||
| CVE-2017-5019 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5014 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3291 | medium | 6.3 | 6.3 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-5487 | medium | 5.3 | 6.3 | 10y ago | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote… | |||
| CVE-2017-15529 | medium | 6.2 | 6.2 | 9y ago | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device… | |||
| CVE-2017-15707 | medium | 6.2 | 6.2 | 9y ago | Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin | |||
| CVE-2017-8215 | medium | 6.2 | 6.2 | 9y ago | Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus, Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions ea… | |||
| CVE-2017-8214 | medium | 6.2 | 6.2 | 9y ago | Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus, Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions ea… | |||
| CVE-2017-10356 | medium | 6.2 | 6.2 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embe… | |||
| CVE-2017-10351 | medium | 6.2 | 6.2 | 9y ago | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.54, 8.55 and 8.56. Eas… | |||
| CVE-2017-10706 | medium | 6.2 | 6.2 | 9y ago | When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. | |||
| CVE-2017-1304 | medium | 6.2 | 6.2 | 9y ago | IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users appl… |