CVEs from 2017
- Total: 11,665
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11893 | high | 7.5 | 8.5 | 9y ago | ChakraCore vulnerable to remote code execution | |||
| CVE-2017-11890 | high | 7.5 | 8.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker… | |||
| CVE-2017-16857 | high | 8.5 | 8.5 | 9y ago | It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsus… | |||
| CVE-2017-17090 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP … | |||
| CVE-2017-16953 | high | 7.5 | 8.5 | 9y ago | connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET requ… | |||
| CVE-2017-17085 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | |||
| CVE-2017-17058 | high | 7.5 | 8.5 | 9y ago | The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a … | |||
| CVE-2017-16944 | high | 7.5 | 8.5 | 9y ago | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com… | |||
| CVE-2017-16902 | high | 7.5 | 8.5 | 9y ago | On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | |||
| CVE-2017-16894 | high | 7.5 | 8.5 | 9y ago | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav… | |||
| CVE-2017-1000170 | high | 7.5 | 8.5 | 9y ago | jqueryFileTree vulnerable to Directory Traversal | |||
| CVE-2017-11873 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to ho… | |||
| CVE-2017-11870 | high | 7.5 | 8.5 | 9y ago | Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects | |||
| CVE-2017-11861 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engin… | |||
| CVE-2017-11855 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2… | |||
| CVE-2017-11841 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11840 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11839 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engi… | |||
| CVE-2017-16806 | high | 7.5 | 8.5 | 9y ago | The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||
| CVE-2017-16249 | high | 7.5 | 8.5 | 9y ago | The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with … | |||
| CVE-2017-16642 | high | 7.5 | 8.5 | 9y ago | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to … | |||
| CVE-2017-15921 | high | 7.5 | 8.5 | 9y ago | In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc… | |||
| CVE-2017-15920 | high | 7.5 | 8.5 | 9y ago | In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc… | |||
| CVE-2017-15956 | high | 7.5 | 8.5 | 9y ago | ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | |||
| CVE-2017-15647 | high | 7.5 | 8.5 | 9y ago | On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||
| CVE-2017-10065 | high | 8.5 | 8.5 | 9y ago | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily … | |||
| CVE-2017-11811 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11810 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-11809 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11802 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11799 | high | 7.5 | 8.5 | 9y ago | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s… | |||
| CVE-2017-11793 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-15236 | high | 7.5 | 8.5 | 9y ago | Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config… | |||
| CVE-2017-15235 | high | 7.5 | 8.5 | 9y ago | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fi… | |||
| CVE-2017-5637 | high | 7.5 | 8.5 | 9y ago | Uncontrolled Resource Consumption in Apache ZooKeeper | |||
| CVE-2017-13068 | high | 7.5 | 8.5 | 9y ago | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack… | |||
| CVE-2017-14087 | high | 7.5 | 8.5 | 9y ago | A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali… | |||
| CVE-2017-14086 | high | 7.5 | 8.5 | 9y ago | Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl… | |||
| CVE-2017-14083 | high | 7.5 | 8.5 | 9y ago | A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||
| CVE-2017-15035 | high | 7.5 | 8.5 | 9y ago | EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash). | |||
| CVE-2017-1000106 | high | 8.5 | 8.5 | 9y ago | Improper Authentication in Jenkins Blue Ocean Plugin | |||
| CVE-2017-14496 | high | 7.5 | 8.5 | 9y ago | Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service … | |||
| CVE-2017-14495 | high | 7.5 | 8.5 | 9y ago | Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involvi… | |||
| CVE-2017-14680 | high | 7.5 | 8.5 | 9y ago | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | |||
| CVE-2017-7924 | high | 7.5 | 8.5 | 9y ago | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s… | |||
| CVE-2017-8770 | high | 7.5 | 8.5 | 9y ago | There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | |||
| CVE-2017-9798 | high | 7.5 | 8.5 | 9y ago | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb… | |||
| CVE-2017-8755 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting eng… | |||
| CVE-2017-8751 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft… | |||
| CVE-2017-8740 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in… | |||
| CVE-2017-8734 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-8731 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses object… | |||
| CVE-2017-8729 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in… | |||
| CVE-2017-11764 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scri… | |||
| CVE-2017-14335 | high | 7.5 | 8.5 | 9y ago | On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | |||
| CVE-2017-0901 | high | 7.5 | 8.5 | 9y ago | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||
| CVE-2017-11662 | high | 7.5 | 8.5 | 9y ago | The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-11661 | high | 7.5 | 8.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-8671 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser … | |||
| CVE-2017-8670 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaSc… | |||
| CVE-2017-8657 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser … | |||
| CVE-2017-8656 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaSc… | |||
| CVE-2017-8646 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript… | |||
| CVE-2017-8645 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript… | |||
| CVE-2017-8641 | high | 7.5 | 8.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8640 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser Java… | |||
| CVE-2017-8636 | high | 7.5 | 8.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8635 | high | 7.5 | 8.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8634 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content whe… | |||
| CVE-2017-11155 | high | 7.5 | 8.5 | 9y ago | An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | |||
| CVE-2017-11152 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||
| CVE-2017-9415 | high | 7.5 | 8.5 | 9y ago | Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change password… | |||
| CVE-2017-11469 | high | 7.5 | 8.5 | 9y ago | get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||
| CVE-2017-11456 | high | 7.5 | 8.5 | 9y ago | Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | |||
| CVE-2017-9812 | high | 7.5 | 8.5 | 9y ago | The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.31… | |||
| CVE-2017-1000028 | high | 7.5 | 8.5 | 9y ago | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP G… | |||
| CVE-2017-8618 | high | 7.5 | 8.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 In… | |||
| CVE-2017-8601 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fa… | |||
| CVE-2017-8594 | high | 7.5 | 8.5 | 9y ago | Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improp… | |||
| CVE-2017-10974 | high | 7.5 | 8.5 | 9y ago | Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protec… | |||
| CVE-2017-10688 | high | 7.5 | 8.5 | 9y ago | In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-9833 | high | 7.5 | 8.5 | 9y ago | /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a … | |||
| CVE-2017-9675 | high | 7.5 | 8.5 | 9y ago | On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. | |||
| CVE-2017-8548 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge imprope… | |||
| CVE-2017-8496 | high | 7.5 | 8.5 | 9y ago | Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, ak… | |||
| CVE-2017-7314 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available. | |||
| CVE-2017-5243 | high | 8.5 | 8.5 | 9y ago | The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls … | |||
| CVE-2017-9353 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | |||
| CVE-2017-9347 | high | 7.5 | 8.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | |||
| CVE-2017-9024 | high | 7.5 | 8.5 | 9y ago | Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via… | |||
| CVE-2017-5177 | high | 7.5 | 8.5 | 9y ago | A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafte… | |||
| CVE-2017-7478 | high | 7.5 | 8.5 | 9y ago | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | |||
| CVE-2017-3730 | high | 7.5 | 8.5 | 9y ago | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a … | |||
| CVE-2017-8779 | high | 7.5 | 8.5 | 9y ago | denial of service in rpcbind | |||
| CVE-2017-8223 | high | 7.5 | 8.5 | 9y ago | On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. | |||
| CVE-2017-8222 | high | 7.5 | 8.5 | 9y ago | Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to o… | |||
| CVE-2017-8221 | high | 7.5 | 8.5 | 9y ago | Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote atta… | |||
| CVE-2017-3599 | high | 7.5 | 8.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploit… | |||
| CVE-2017-3523 | high | 8.5 | 8.5 | 9y ago | Improper Access Control in MySQL Connectors Java | |||
| CVE-2017-3493 | high | 8.5 | 8.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affect… |