CVEs from 2017
Total
11,664
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3840 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect V… | |||
| CVE-2017-3838 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interf… | |||
| CVE-2017-3833 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web i… | |||
| CVE-2017-3829 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | |||
| CVE-2017-3828 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | |||
| CVE-2017-3821 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Inform… | |||
| CVE-2017-5020 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5018 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5010 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5008 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5007 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5006 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5990 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP… | |||
| CVE-2017-2969 | medium | 6.1 | 6.1 | 9y ago | Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. | |||
| CVE-2017-5164 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary … | |||
| CVE-2017-5157 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be… | |||
| CVE-2017-5964 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/v… | |||
| CVE-2017-5963 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "cadd… | |||
| CVE-2017-5962 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/… | |||
| CVE-2017-5961 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/adm… | |||
| CVE-2017-5960 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/pu… | |||
| CVE-2017-5945 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET paramet… | |||
| CVE-2017-5942 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the conte… | |||
| CVE-2017-5367 | medium | 6.1 | 6.1 | 9y ago | Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute… | |||
| CVE-2017-5877 | medium | 6.1 | 6.1 | 9y ago | XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | |||
| CVE-2017-5876 | medium | 6.1 | 6.1 | 9y ago | XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | |||
| CVE-2017-5882 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2017-5612 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or… | |||
| CVE-2017-5608 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | |||
| CVE-2017-3314 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Ea… | |||
| CVE-2017-3300 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily e… | |||
| CVE-2017-3299 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.54 and 8.55. Easily… | |||
| CVE-2017-3298 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Easily expl… | |||
| CVE-2017-5599 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inse… | |||
| CVE-2017-3804 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent … | |||
| CVE-2017-3802 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affect… | |||
| CVE-2017-3798 | medium | 6.1 | 6.1 | 10y ago | A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS att… | |||
| CVE-2017-2929 | medium | 6.1 | 6.1 | 10y ago | Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution. | |||
| CVE-2017-5542 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-fold… | |||
| CVE-2017-2578 | medium | 6.1 | 6.1 | 10y ago | Moodle Cross-site Scripting in assignment submission page | |||
| CVE-2017-5516 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | |||
| CVE-2017-5490 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or… | |||
| CVE-2017-5488 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version… | |||
| CVE-2017-5474 | medium | 6.1 | 6.1 | 10y ago | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer hea… | |||
| CVE-2017-3890 | medium | 6.1 | 6.1 | 10y ago | A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execu… | |||
| CVE-2017-1000043 | medium | 6.1 | 6.1 | 11y ago | Content Injection via TileJSON Name in mapbox.js | |||
| CVE-2017-1000042 | medium | 6.1 | 6.1 | 11y ago | Content Injection via TileJSON attribute in mapbox.js | |||
| CVE-2017-12338 | medium | 6.0 | 6.0 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validati… | |||
| CVE-2017-8189 | medium | 6.0 | 6.0 | 9y ago | FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some file… | |||
| CVE-2017-12315 | medium | 6.0 | 6.0 | 9y ago | A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restri… | |||
| CVE-2017-15596 | medium | 6.0 | 6.0 | 9y ago | An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physma… | |||
| CVE-2017-15289 | medium | 6.0 | 6.0 | 9y ago | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors rel… | |||
| CVE-2017-12168 | medium | 6.0 | 6.0 | 9y ago | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) b… | |||
| CVE-2017-7932 | medium | 6.0 | 6.0 | 9y ago | An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.… | |||
| CVE-2017-8492 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8491 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8490 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8489 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8488 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8485 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8484 | medium | 5.0 | 6.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen… | |||
| CVE-2017-8483 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8482 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8481 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8480 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8479 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8478 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8477 | medium | 5.0 | 6.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen… | |||
| CVE-2017-8476 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-8473 | medium | 5.0 | 6.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafte… | |||
| CVE-2017-8472 | medium | 5.0 | 6.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initiali… | |||
| CVE-2017-8471 | medium | 5.0 | 6.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen… | |||
| CVE-2017-8470 | medium | 5.0 | 6.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen… | |||
| CVE-2017-8462 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-0300 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-0299 | medium | 5.0 | 6.0 | 9y ago | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all… | |||
| CVE-2017-0289 | medium | 5.0 | 6.0 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-0288 | medium | 5.0 | 6.0 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-0287 | medium | 5.0 | 6.0 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-0286 | medium | 5.0 | 6.0 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |||
| CVE-2017-0285 | medium | 5.0 | 6.0 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office … | |||
| CVE-2017-0284 | medium | 5.0 | 6.0 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office … | |||
| CVE-2017-0282 | medium | 5.0 | 6.0 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office … | |||
| CVE-2017-6666 | medium | 6.0 | 6.0 | 9y ago | A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to… | |||
| CVE-2017-2516 | medium | 5.0 | 6.0 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-7457 | medium | 5.0 | 6.0 | 9y ago | XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | |||
| CVE-2017-7377 | medium | 6.0 | 6.0 | 9y ago | The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumpti… | |||
| CVE-2017-5141 | medium | 6.0 | 6.0 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invali… | |||
| CVE-2017-3286 | medium | 6.0 | 6.0 | 10y ago | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily … | |||
| CVE-2017-3246 | medium | 6.0 | 6.0 | 10y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.… | |||
| CVE-2017-17843 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of… | |||
| CVE-2017-12740 | medium | 5.9 | 5.9 | 9y ago | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to mani… | |||
| CVE-2017-13864 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man… | |||
| CVE-2017-13860 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers… | |||
| CVE-2017-6139 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers r… | |||
| CVE-2017-6136 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, w… | |||
| CVE-2017-17716 | medium | 5.9 | 5.9 | 9y ago | GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was… | |||
| CVE-2017-17718 | medium | 5.9 | 5.9 | 9y ago | The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | |||
| CVE-2017-17664 | medium | 5.9 | 5.9 | 9y ago | A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets ca… | |||
| CVE-2017-17549 | medium | 5.9 | 5.9 | 9y ago | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attack… |