CVEs from 2017

- Total: 11,664
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9583 | medium | 5.9 | 5.9 | 9y ago | The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at… | |||
| CVE-2017-9582 | medium | 5.9 | 5.9 | 9y ago | The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t… | |||
| CVE-2017-9581 | medium | 5.9 | 5.9 | 9y ago | The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which … | |||
| CVE-2017-9580 | medium | 5.9 | 5.9 | 9y ago | The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which a… | |||
| CVE-2017-9579 | medium | 5.9 | 5.9 | 9y ago | The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att… | |||
| CVE-2017-9578 | medium | 5.9 | 5.9 | 9y ago | The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof server… | |||
| CVE-2017-9577 | medium | 5.9 | 5.9 | 9y ago | The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which… | |||
| CVE-2017-9576 | medium | 5.9 | 5.9 | 9y ago | The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL serv… | |||
| CVE-2017-9575 | medium | 5.9 | 5.9 | 9y ago | The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-midd… | |||
| CVE-2017-9574 | medium | 5.9 | 5.9 | 9y ago | The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which… | |||
| CVE-2017-9573 | medium | 5.9 | 5.9 | 9y ago | The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and … | |||
| CVE-2017-9572 | medium | 5.9 | 5.9 | 9y ago | The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive … | |||
| CVE-2017-9571 | medium | 5.9 | 5.9 | 9y ago | The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob… | |||
| CVE-2017-9570 | medium | 5.9 | 5.9 | 9y ago | The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens… | |||
| CVE-2017-9569 | medium | 5.9 | 5.9 | 9y ago | The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive… | |||
| CVE-2017-9568 | medium | 5.9 | 5.9 | 9y ago | The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf… | |||
| CVE-2017-9567 | medium | 5.9 | 5.9 | 9y ago | The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati… | |||
| CVE-2017-9566 | medium | 5.9 | 5.9 | 9y ago | The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor… | |||
| CVE-2017-9565 | medium | 5.9 | 5.9 | 9y ago | The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensi… | |||
| CVE-2017-9564 | medium | 5.9 | 5.9 | 9y ago | The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… | |||
| CVE-2017-9563 | medium | 5.9 | 5.9 | 9y ago | The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv… | |||
| CVE-2017-9562 | medium | 5.9 | 5.9 | 9y ago | The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers… | |||
| CVE-2017-9561 | medium | 5.9 | 5.9 | 9y ago | The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf… | |||
| CVE-2017-9560 | medium | 5.9 | 5.9 | 9y ago | The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inform… | |||
| CVE-2017-9559 | medium | 5.9 | 5.9 | 9y ago | The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informa… | |||
| CVE-2017-9558 | medium | 5.9 | 5.9 | 9y ago | The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2017-7677 | medium | 5.9 | 5.9 | 9y ago | Moderate severity vulnerability that affects org.apache.ranger:ranger | |||
| CVE-2017-8242 | medium | 5.9 | 5.9 | 9y ago | In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. | |||
| CVE-2017-6656 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition d… | |||
| CVE-2017-4971 | medium | 5.9 | 5.9 | 9y ago | Insecure Default Initialization of Resource in Pivotal Spring Web Flow | |||
| CVE-2017-4970 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth… | |||
| CVE-2017-9526 | medium | 5.9 | 5.9 | 9y ago | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ec… | |||
| CVE-2017-1179 | medium | 5.9 | 5.9 | 9y ago | IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | |||
| CVE-2017-6512 | medium | 5.9 | 5.9 | 9y ago | Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loos… | |||
| CVE-2017-2309 | medium | 5.9 | 5.9 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. Th… | |||
| CVE-2017-6988 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbit… | |||
| CVE-2017-9045 | medium | 5.9 | 5.9 | 9y ago | The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof … | |||
| CVE-2017-8943 | medium | 5.9 | 5.9 | 9y ago | The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi… | |||
| CVE-2017-8942 | medium | 5.9 | 5.9 | 9y ago | The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof ser… | |||
| CVE-2017-8941 | medium | 5.9 | 5.9 | 9y ago | The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2017-8940 | medium | 5.9 | 5.9 | 9y ago | The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2017-8939 | medium | 5.9 | 5.9 | 9y ago | The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat… | |||
| CVE-2017-8938 | medium | 5.9 | 5.9 | 9y ago | The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c… | |||
| CVE-2017-8937 | medium | 5.9 | 5.9 | 9y ago | The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c… | |||
| CVE-2017-8936 | medium | 5.9 | 5.9 | 9y ago | The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2017-8935 | medium | 5.9 | 5.9 | 9y ago | The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf… | |||
| CVE-2017-7485 | medium | 5.9 | 5.9 | 9y ago | In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connectio… | |||
| CVE-2017-0280 | medium | 5.9 | 5.9 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID… | |||
| CVE-2017-0276 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0275 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0274 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0273 | medium | 5.9 | 5.9 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID… | |||
| CVE-2017-0271 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0270 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0269 | medium | 5.9 | 5.9 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID… | |||
| CVE-2017-0268 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0267 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0171 | medium | 5.9 | 5.9 | 9y ago | Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer versio… | |||
| CVE-2017-8851 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact… | |||
| CVE-2017-8850 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers c… | |||
| CVE-2017-5948 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check tha… | |||
| CVE-2017-6137 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclo… | |||
| CVE-2017-6024 | medium | 5.9 | 5.9 | 9y ago | A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28… | |||
| CVE-2017-8060 | medium | 5.9 | 5.9 | 9y ago | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during… | |||
| CVE-2017-8058 | medium | 5.9 | 5.9 | 9y ago | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent du… | |||
| CVE-2017-5919 | medium | 5.9 | 5.9 | 9y ago | The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra… | |||
| CVE-2017-5918 | medium | 5.9 | 5.9 | 9y ago | The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a… | |||
| CVE-2017-5916 | medium | 5.9 | 5.9 | 9y ago | The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2017-5915 | medium | 5.9 | 5.9 | 9y ago | The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middl… | |||
| CVE-2017-5914 | medium | 5.9 | 5.9 | 9y ago | The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… | |||
| CVE-2017-5913 | medium | 5.9 | 5.9 | 9y ago | The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a … | |||
| CVE-2017-5912 | medium | 5.9 | 5.9 | 9y ago | The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2017-5911 | medium | 5.9 | 5.9 | 9y ago | The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv… | |||
| CVE-2017-5909 | medium | 5.9 | 5.9 | 9y ago | The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2017-5907 | medium | 5.9 | 5.9 | 9y ago | The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2017-5906 | medium | 5.9 | 5.9 | 9y ago | The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an… | |||
| CVE-2017-5905 | medium | 5.9 | 5.9 | 9y ago | The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted … | |||
| CVE-2017-5902 | medium | 5.9 | 5.9 | 9y ago | The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific… | |||
| CVE-2017-5901 | medium | 5.9 | 5.9 | 9y ago | The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor… | |||
| CVE-2017-3213 | medium | 5.9 | 5.9 | 9y ago | The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2017-3212 | medium | 5.9 | 5.9 | 9y ago | The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2017-3732 | medium | 5.9 | 5.9 | 9y ago | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks agai… | |||
| CVE-2017-2110 | medium | 5.9 | 5.9 | 9y ago | The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sen… | |||
| CVE-2017-2105 | medium | 5.9 | 5.9 | 9y ago | The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte… | |||
| CVE-2017-2104 | medium | 5.9 | 5.9 | 9y ago | The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2017-2103 | medium | 5.9 | 5.9 | 9y ago | The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c… | |||
| CVE-2017-3594 | medium | 5.9 | 5.9 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3526 | medium | 5.9 | 5.9 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8… | |||
| CVE-2017-7461 | medium | 4.9 | 5.9 | 9y ago | Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a v… | |||
| CVE-2017-3887 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of servic… | |||
| CVE-2017-3885 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of servi… | |||
| CVE-2017-2448 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows … | |||
| CVE-2017-2412 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data… | |||
| CVE-2017-5622 | medium | 5.9 | 5.9 | 9y ago | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open … | |||
| CVE-2017-6507 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have … | |||
| CVE-2017-3850 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated,… | |||
| CVE-2017-0016 | medium | 5.9 | 5.9 | 9y ago | Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allow… | |||
| CVE-2017-5831 | medium | 5.9 | 5.9 | 9y ago | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | |||
| CVE-2017-6344 | medium | 5.9 | 5.9 | 9y ago | XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | |||
| CVE-2017-6341 | medium | 5.9 | 5.9 | 9y ago | Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to … |