CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8821 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via c… | |||
| CVE-2017-8820 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer deref… | |||
| CVE-2017-8819 | high | 7.5 | 7.5 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion … | |||
| CVE-2017-16612 | high | 7.5 | 7.5 | 9y ago | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack ve… | |||
| CVE-2017-14486 | high | 7.5 | 7.5 | 9y ago | The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease se… | |||
| CVE-2017-13663 | high | 7.5 | 7.5 | 9y ago | Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||
| CVE-2017-15701 | high | 7.5 | 7.5 | 9y ago | Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption | |||
| CVE-2017-10901 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | |||
| CVE-2017-10895 | high | 7.5 | 7.5 | 9y ago | sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2017-10894 | high | 7.5 | 7.5 | 9y ago | StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2017-10874 | high | 7.5 | 7.5 | 9y ago | PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. | |||
| CVE-2017-17084 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. | |||
| CVE-2017-17083 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginni… | |||
| CVE-2017-11286 | high | 7.5 | 7.5 | 9y ago | Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-1000406 | high | 7.5 | 7.5 | 9y ago | Password change doesn't result in Karaf clearing cache | |||
| CVE-2017-14949 | high | 7.5 | 7.5 | 9y ago | Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request | |||
| CVE-2017-14868 | high | 7.5 | 7.5 | 9y ago | Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider | |||
| CVE-2017-17065 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (d… | |||
| CVE-2017-14196 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files … | |||
| CVE-2017-8019 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets … | |||
| CVE-2017-17042 | high | 7.5 | 7.5 | 9y ago | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitr… | |||
| CVE-2017-15275 | high | 7.5 | 7.5 | 9y ago | Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | |||
| CVE-2017-15054 | high | 7.5 | 7.5 | 9y ago | TeamPass arbitrary file upload vulnerability | |||
| CVE-2017-14390 | high | 7.5 | 7.5 | 9y ago | In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. | |||
| CVE-2017-13699 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent … | |||
| CVE-2017-13698 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them agains… | |||
| CVE-2017-8174 | high | 7.5 | 7.5 | 9y ago | Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the we… | |||
| CVE-2017-8167 | high | 7.5 | 7.5 | 9y ago | Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target devi… | |||
| CVE-2017-8147 | high | 7.5 | 7.5 | 9y ago | AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,Clou… | |||
| CVE-2017-2704 | high | 7.5 | 7.5 | 9y ago | Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlie… | |||
| CVE-2017-2700 | high | 7.5 | 7.5 | 9y ago | AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS… | |||
| CVE-2017-8863 | high | 7.5 | 7.5 | 9y ago | Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. | |||
| CVE-2017-16892 | high | 7.5 | 7.5 | 9y ago | In Bftpd before 4.7, there is a memory leak in the file rename function. | |||
| CVE-2017-1000230 | high | 7.5 | 7.5 | 9y ago | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulti… | |||
| CVE-2017-13703 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. | |||
| CVE-2017-16877 | high | 7.5 | 7.5 | 9y ago | Next.js Directory Traversal Vulnerability | |||
| CVE-2017-1000191 | high | 7.5 | 7.5 | 9y ago | Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. | |||
| CVE-2017-16875 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wi… | |||
| CVE-2017-4928 | high | 7.5 | 7.5 | 9y ago | The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization … | |||
| CVE-2017-4927 | high | 7.5 | 7.5 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | |||
| CVE-2017-1000129 | high | 7.5 | 7.5 | 9y ago | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | |||
| CVE-2017-1000125 | high | 7.5 | 7.5 | 9y ago | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | |||
| CVE-2017-1000247 | high | 7.5 | 7.5 | 9y ago | CodeIgniter HTTP Header Injection | |||
| CVE-2017-1000189 | high | 7.5 | 7.5 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | |||
| CVE-2017-1000200 | high | 7.5 | 7.5 | 9y ago | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service | |||
| CVE-2017-1000199 | high | 7.5 | 7.5 | 9y ago | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | |||
| CVE-2017-1000198 | high | 7.5 | 7.5 | 9y ago | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service | |||
| CVE-2017-1000195 | high | 7.5 | 7.5 | 9y ago | October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. | |||
| CVE-2017-0859 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131. | |||
| CVE-2017-0858 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894. | |||
| CVE-2017-0857 | high | 7.5 | 7.5 | 9y ago | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. | |||
| CVE-2017-0852 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506. | |||
| CVE-2017-0845 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | |||
| CVE-2017-0840 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670. | |||
| CVE-2017-0839 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003. | |||
| CVE-2017-9701 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting … | |||
| CVE-2017-9696 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Varia… | |||
| CVE-2017-8279 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over… | |||
| CVE-2017-11093 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading "… | |||
| CVE-2017-11090 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space applicat… | |||
| CVE-2017-11089 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends … | |||
| CVE-2017-11058 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can oc… | |||
| CVE-2017-11028 | high | 7.5 | 7.5 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to … | |||
| CVE-2017-16719 | high | 7.5 | 7.5 | 9y ago | An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 … | |||
| CVE-2017-16715 | high | 7.5 | 7.5 | 9y ago | An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 V… | |||
| CVE-2017-14028 | high | 7.5 | 7.5 | 9y ago | A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Ver… | |||
| CVE-2017-12318 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or vi… | |||
| CVE-2017-12316 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured l… | |||
| CVE-2017-15923 | high | 7.5 | 7.5 | 9y ago | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | |||
| CVE-2017-8815 | high | 7.5 | 7.5 | 9y ago | The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | |||
| CVE-2017-8814 | high | 7.5 | 7.5 | 9y ago | The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | |||
| CVE-2017-8810 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the userna… | |||
| CVE-2017-8700 | high | 7.5 | 7.5 | 9y ago | Cross-origin Resource Sharing bypass in ASP.NET Core | |||
| CVE-2017-11883 | high | 7.5 | 7.5 | 9y ago | Denial of service in ASP.NET Core | |||
| CVE-2017-11871 | high | 7.5 | 7.5 | 9y ago | Chakra Core vulnerable to privilege escalation due to reading an invalid pointer | |||
| CVE-2017-11869 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 … | |||
| CVE-2017-11866 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due… | |||
| CVE-2017-11862 | high | 7.5 | 7.5 | 9y ago | Chakra Core vulnerable to privilege escalation due to type confusion | |||
| CVE-2017-11858 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Wi… | |||
| CVE-2017-11856 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 … | |||
| CVE-2017-11846 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Wi… | |||
| CVE-2017-11845 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge M… | |||
| CVE-2017-11843 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Window… | |||
| CVE-2017-11838 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10… | |||
| CVE-2017-11837 | high | 7.5 | 7.5 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10… | |||
| CVE-2017-11836 | high | 7.5 | 7.5 | 9y ago | ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due… | |||
| CVE-2017-11827 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511… | |||
| CVE-2017-11788 | high | 7.5 | 7.5 | 9y ago | Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows se… | |||
| CVE-2017-11770 | high | 7.5 | 7.5 | 9y ago | Improper Certificate Validation | |||
| CVE-2017-10267 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi… | |||
| CVE-2017-6275 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as… | |||
| CVE-2017-16803 | high | 7.5 | 7.5 | 9y ago | In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of se… | |||
| CVE-2017-10875 | high | 7.5 | 7.5 | 9y ago | I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | |||
| CVE-2017-16520 | high | 7.5 | 7.5 | 9y ago | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | |||
| CVE-2017-16762 | high | 7.5 | 7.5 | 9y ago | Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | |||
| CVE-2017-11512 | high | 7.5 | 7.5 | 9y ago | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticat… | |||
| CVE-2017-11511 | high | 7.5 | 7.5 | 9y ago | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticat… | |||
| CVE-2017-15865 | high | 7.5 | 7.5 | 9y ago | bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE… | |||
| CVE-2017-15087 | high | 7.5 | 7.5 | 9y ago | It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||
| CVE-2017-14360 | high | 7.5 | 7.5 | 9y ago | A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). |