CVEs from 2017
- Total: 11,665
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7456 | high | 7.5 | 8.5 | 9y ago | Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | |||
| CVE-2017-7455 | high | 7.5 | 8.5 | 9y ago | Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | |||
| CVE-2017-0202 | high | 7.5 | 8.5 | 9y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar… | |||
| CVE-2017-7185 | high | 7.5 | 8.5 | 9y ago | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows r… | |||
| CVE-2017-6190 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" r… | |||
| CVE-2017-6019 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | |||
| CVE-2017-7397 | high | 7.5 | 8.5 | 9y ago | BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This… | |||
| CVE-2017-1001000 | high | 7.5 | 8.5 | 9y ago | The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows … | |||
| CVE-2017-7285 | high | 7.5 | 8.5 | 9y ago | A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, prevent… | |||
| CVE-2017-7183 | high | 7.5 | 8.5 | 9y ago | The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. | |||
| CVE-2017-5850 | high | 7.5 | 8.5 | 9y ago | httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. | |||
| CVE-2017-7240 | high | 7.5 | 8.5 | 9y ago | An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefor… | |||
| CVE-2017-5227 | high | 7.5 | 8.5 | 9y ago | QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration… | |||
| CVE-2017-0070 | high | 7.5 | 8.5 | 9y ago | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i… | |||
| CVE-2017-6510 | high | 7.5 | 8.5 | 9y ago | Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. | |||
| CVE-2017-5359 | high | 7.5 | 8.5 | 9y ago | EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI. | |||
| CVE-2017-6367 | high | 7.5 | 8.5 | 9y ago | In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header. | |||
| CVE-2017-6444 | high | 7.5 | 8.5 | 9y ago | The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU… | |||
| CVE-2017-6427 | high | 7.5 | 8.5 | 9y ago | A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a… | |||
| CVE-2017-6527 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the… | |||
| CVE-2017-6552 | high | 7.5 | 8.5 | 9y ago | Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue… | |||
| CVE-2017-6104 | high | 7.5 | 8.5 | 9y ago | Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||
| CVE-2017-5982 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by … | |||
| CVE-2017-6206 | high | 7.5 | 8.5 | 9y ago | D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated I… | |||
| CVE-2017-5991 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pix… | |||
| CVE-2017-5972 | high | 7.5 | 8.5 | 9y ago | The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi… | |||
| CVE-2017-5146 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. | |||
| CVE-2017-5630 | high | 7.5 | 8.5 | 10y ago | PEAR core file overwrite vulnerability | |||
| CVE-2017-5594 | high | 7.5 | 8.5 | 10y ago | Pagekit Weak Password Recovery Mechanism for Forgotten Password | |||
| CVE-2017-20226 | high | 8.4 | 8.4 | 2mo ago | Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer… | |||
| CVE-2017-15357 | high | 7.4 | 8.4 | 9y ago | The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||
| CVE-2017-8001 | high | 8.4 | 8.4 | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log… | |||
| CVE-2017-16927 | high | 8.4 | 8.4 | 9y ago | The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of servic… | |||
| CVE-2017-8155 | high | 8.4 | 8.4 | 9y ago | The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor … | |||
| CVE-2017-2726 | high | 8.4 | 8.4 | 9y ago | Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root priv… | |||
| CVE-2017-2724 | high | 8.4 | 8.4 | 9y ago | Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root priv… | |||
| CVE-2017-6168 | high | 7.4 | 8.4 | 9y ago | On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may b… | |||
| CVE-2017-15643 | high | 7.4 | 8.4 | 9y ago | An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum … | |||
| CVE-2017-10398 | high | 8.4 | 8.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily … | |||
| CVE-2017-5700 | high | 8.4 | 8.4 | 9y ago | Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator… | |||
| CVE-2017-11652 | high | 8.4 | 8.4 | 9y ago | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | |||
| CVE-2017-1000364 | high | 7.4 | 8.4 | 9y ago | An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this af… | |||
| CVE-2017-7884 | high | 8.4 | 8.4 | 9y ago | In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by rep… | |||
| CVE-2017-2214 | high | 8.4 | 8.4 | 9y ago | Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified direc… | |||
| CVE-2017-9355 | high | 7.4 | 8.4 | 9y ago | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist… | |||
| CVE-2017-3582 | high | 8.4 | 8.4 | 9y ago | Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). Supported versions that are affected are 2.3.8 and 2.… | |||
| CVE-2017-2583 | high | 8.4 | 8.4 | 9y ago | The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a… | |||
| CVE-2017-3332 | high | 8.4 | 8.4 | 10y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior t… | |||
| CVE-2017-10146 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulne… | |||
| CVE-2017-10116 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde… | |||
| CVE-2017-10114 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthent… | |||
| CVE-2017-10074 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. … | |||
| CVE-2017-10061 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo… | |||
| CVE-2017-10013 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to … | |||
| CVE-2017-11657 | high | 7.3 | 8.3 | 9y ago | Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | |||
| CVE-2017-1297 | high | 7.3 | 8.3 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… | |||
| CVE-2017-7180 | high | 7.3 | 8.3 | 9y ago | Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi… | |||
| CVE-2017-8914 | high | 8.3 | 8.3 | 9y ago | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | |||
| CVE-2017-0233 | high | 8.3 | 8.3 | 9y ago | An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulner… | |||
| CVE-2017-3580 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to … | |||
| CVE-2017-3514 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unaut… | |||
| CVE-2017-3512 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthentica… | |||
| CVE-2017-3306 | high | 8.3 | 8.3 | 9y ago | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3… | |||
| CVE-2017-2319 | high | 8.3 | 8.3 | 9y ago | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity withou… | |||
| CVE-2017-7358 | high | 7.3 | 8.3 | 9y ago | In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user … | |||
| CVE-2017-3260 | high | 8.3 | 8.3 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthentica… | |||
| CVE-2017-12350 | high | 8.2 | 8.2 | 9y ago | A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulne… | |||
| CVE-2017-12636 | high | 7.2 | 8.2 | 9y ago | multiple issues in couchdb | |||
| CVE-2017-2895 | high | 8.2 | 8.2 | 9y ago | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bou… | |||
| CVE-2017-3446 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2… | |||
| CVE-2017-3445 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2… | |||
| CVE-2017-3444 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2… | |||
| CVE-2017-10417 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, … | |||
| CVE-2017-10416 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, … | |||
| CVE-2017-10415 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Others). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 1… | |||
| CVE-2017-10414 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, … | |||
| CVE-2017-10413 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12… | |||
| CVE-2017-10412 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, … | |||
| CVE-2017-10411 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, … | |||
| CVE-2017-10410 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, … | |||
| CVE-2017-10409 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 an… | |||
| CVE-2017-10360 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Eas… | |||
| CVE-2017-10354 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exp… | |||
| CVE-2017-10338 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exp… | |||
| CVE-2017-10326 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 1… | |||
| CVE-2017-10325 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 1… | |||
| CVE-2017-10323 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Application Service). Supported versions that are affected are 12.1.1, 12.1.2, 12.1… | |||
| CVE-2017-10303 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily expl… | |||
| CVE-2017-10270 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory). The supported version that is affected is 9.1.1.5.0. Easily ex… | |||
| CVE-2017-10263 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10190 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged att… | |||
| CVE-2017-10060 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, … | |||
| CVE-2017-10050 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable … | |||
| CVE-2017-10034 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Core Formatting API). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploita… | |||
| CVE-2017-10026 | high | 8.2 | 8.2 | 9y ago | Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows… | |||
| CVE-2017-9625 | high | 8.2 | 8.2 | 9y ago | An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view informat… | |||
| CVE-2017-1000119 | high | 7.2 | 8.2 | 9y ago | October CMS PHP Code Execution | |||
| CVE-2017-11321 | high | 7.2 | 8.2 | 9y ago | The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | |||
| CVE-2017-12069 | high | 8.2 | 8.2 | 9y ago | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7… | |||
| CVE-2017-1192 | high | 8.2 | 8.2 | 9y ago | IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive … |