CVEs from 2017
- Total: 11,664
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0109 | high | 7.6 | 7.6 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gu… | |||
| CVE-2017-0095 | high | 7.6 | 7.6 | 9y ago | Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V… | |||
| CVE-2017-0075 | high | 7.6 | 7.6 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gu… | |||
| CVE-2017-5165 | high | 7.6 | 7.6 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vu… | |||
| CVE-2017-3330 | high | 7.6 | 7.6 | 10y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged… | |||
| CVE-2017-14696 | high | 7.5 | 7.5 | 4y ago | SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||
| CVE-2017-14033 | high | 7.5 | 7.5 | 4y ago | Ruby OpenSSL DoS Vulnerability | |||
| CVE-2017-5936 | high | 7.5 | 7.5 | 4y ago | OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restriction… | |||
| CVE-2017-1000026 | high | 7.5 | 7.5 | 4y ago | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | |||
| CVE-2017-12626 | high | 7.5 | 7.5 | 5y ago | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Me… | |||
| CVE-2017-16932 | high | 7.5 | 7.5 | 9y ago | Nokogiri gem, via libxml, is affected by DoS vulnerabilities | |||
| CVE-2017-17997 | high | 7.5 | 7.5 | 9y ago | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar… | |||
| CVE-2017-17901 | high | 7.5 | 7.5 | 9y ago | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | |||
| CVE-2017-17935 | high | 7.5 | 7.5 | 9y ago | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflo… | |||
| CVE-2017-17898 | high | 7.5 | 7.5 | 9y ago | Dolibarr sensitive information disclosure | |||
| CVE-2017-17850 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must… | |||
| CVE-2017-17848 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a … | |||
| CVE-2017-17847 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the enti… | |||
| CVE-2017-17846 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. | |||
| CVE-2017-12741 | high | 7.5 | 7.5 | 9y ago | Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. | |||
| CVE-2017-13903 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the … | |||
| CVE-2017-13874 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection me… | |||
| CVE-2017-13871 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/… | |||
| CVE-2017-14022 | high | 7.5 | 7.5 | 9y ago | An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with Fact… | |||
| CVE-2017-15328 | high | 7.5 | 7.5 | 9y ago | Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affected product. Due to improper verification of the priv… | |||
| CVE-2017-15324 | high | 7.5 | 7.5 | 9y ago | Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnera… | |||
| CVE-2017-15320 | high | 7.5 | 7.5 | 9y ago | RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou… | |||
| CVE-2017-15319 | high | 7.5 | 7.5 | 9y ago | RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou… | |||
| CVE-2017-15318 | high | 7.5 | 7.5 | 9y ago | RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou… | |||
| CVE-2017-15317 | high | 7.5 | 7.5 | 9y ago | AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R0… | |||
| CVE-2017-10908 | high | 7.5 | 7.5 | 9y ago | H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. | |||
| CVE-2017-10869 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. | |||
| CVE-2017-10868 | high | 7.5 | 7.5 | 9y ago | H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | |||
| CVE-2017-6167 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being execute… | |||
| CVE-2017-6151 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers … | |||
| CVE-2017-6140 | high | 7.5 | 7.5 | 9y ago | On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 1… | |||
| CVE-2017-6138 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profil… | |||
| CVE-2017-6135 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP … | |||
| CVE-2017-6133 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. | |||
| CVE-2017-6132 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of… | |||
| CVE-2017-6129 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow no… | |||
| CVE-2017-17818 | high | 7.5 | 7.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. | |||
| CVE-2017-14385 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior t… | |||
| CVE-2017-1598 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | |||
| CVE-2017-17793 | high | 7.5 | 7.5 | 9y ago | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read… | |||
| CVE-2017-17783 | high | 7.5 | 7.5 | 9y ago | In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | |||
| CVE-2017-17763 | high | 7.5 | 7.5 | 9y ago | SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to sen… | |||
| CVE-2017-17740 | high | 7.5 | 7.5 | 9y ago | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows r… | |||
| CVE-2017-3190 | high | 7.5 | 7.5 | 9y ago | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an atta… | |||
| CVE-2017-14091 | high | 7.5 | 7.5 | 9y ago | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensi… | |||
| CVE-2017-17684 | high | 7.5 | 7.5 | 9y ago | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. | |||
| CVE-2017-17683 | high | 7.5 | 7.5 | 9y ago | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | |||
| CVE-2017-17537 | high | 7.5 | 7.5 | 9y ago | MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, po… | |||
| CVE-2017-17568 | high | 7.5 | 7.5 | 9y ago | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive inform… | |||
| CVE-2017-17567 | high | 7.5 | 7.5 | 9y ago | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | |||
| CVE-2017-11930 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows … | |||
| CVE-2017-11916 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11913 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2… | |||
| CVE-2017-11912 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in W… | |||
| CVE-2017-11910 | high | 7.5 | 7.5 | 9y ago | ChakraCore vulnerable to remote code execution due to insufficient InlineCache check | |||
| CVE-2017-11908 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11905 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11901 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 … | |||
| CVE-2017-11895 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 1… | |||
| CVE-2017-11894 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge … | |||
| CVE-2017-11889 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-11888 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge… | |||
| CVE-2017-11886 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker… | |||
| CVE-2017-16680 | high | 7.5 | 7.5 | 9y ago | Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could al… | |||
| CVE-2017-15942 | high | 7.5 | 7.5 | 9y ago | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management in… | |||
| CVE-2017-17497 | high | 7.5 | 7.5 | 9y ago | In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" proces… | |||
| CVE-2017-16241 | high | 7.5 | 7.5 | 9y ago | Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote atta… | |||
| CVE-2017-3111 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | |||
| CVE-2017-16366 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-11480 | high | 7.5 | 7.5 | 9y ago | Denial of service in github.com/elastic/beats | |||
| CVE-2017-17463 | high | 7.5 | 7.5 | 9y ago | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | |||
| CVE-2017-1000410 | high | 7.5 | 7.5 | 9y ago | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of… | |||
| CVE-2017-1271 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption o… | |||
| CVE-2017-17068 | high | 7.5 | 7.5 | 9y ago | auth0-js Privilege Escalation Vulnerability | |||
| CVE-2017-17439 | high | 7.5 | 7.5 | 9y ago | In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditiona… | |||
| CVE-2017-13175 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175. | |||
| CVE-2017-13169 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. | |||
| CVE-2017-13164 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193. | |||
| CVE-2017-13159 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772. | |||
| CVE-2017-13158 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915. | |||
| CVE-2017-13157 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341. | |||
| CVE-2017-13152 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384. | |||
| CVE-2017-17432 | high | 7.5 | 7.5 | 9y ago | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated… | |||
| CVE-2017-11031 | high | 7.5 | 7.5 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free cond… | |||
| CVE-2017-17066 | high | 7.5 | 7.5 | 9y ago | The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitiv… | |||
| CVE-2017-12079 | high | 7.5 | 7.5 | 9y ago | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via p… | |||
| CVE-2017-17104 | high | 7.5 | 7.5 | 9y ago | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | |||
| CVE-2017-17102 | high | 7.5 | 7.5 | 9y ago | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | |||
| CVE-2017-8821 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via c… | |||
| CVE-2017-8820 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer deref… | |||
| CVE-2017-8819 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion … | |||
| CVE-2017-16612 | high | 7.5 | 7.5 | 9y ago | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack ve… | |||
| CVE-2017-14486 | high | 7.5 | 7.5 | 9y ago | The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease se… | |||
| CVE-2017-13663 | high | 7.5 | 7.5 | 9y ago | Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||
| CVE-2017-15701 | high | 7.5 | 7.5 | 9y ago | Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption |