CVEs from 2017
- Total 11,662
- critical 1,647
- high 5,041
- medium 4,168
- low 159
- % Critical 14.1%
- % with KEV 0.7%
- % with exploit 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6297 | medium | 5.9 | 5.9 | 9y ago | The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain… | |||
| CVE-2017-5163 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, whi… | |||
| CVE-2017-3896 | medium | 5.9 | 5.9 | 9y ago | Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters v… | |||
| CVE-2017-5858 | medium | 5.9 | 5.9 | 9y ago | User Impersonation in converse.js | |||
| CVE-2017-5606 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5605 | medium | 5.9 | 5.9 | 9y ago | XMPP Clients User Impersonation Vulnerability in Movim Moxl | |||
| CVE-2017-5604 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5603 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5602 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5593 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5592 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5591 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5590 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5589 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5933 | medium | 5.9 | 5.9 | 9y ago | Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for rem… | |||
| CVE-2017-3242 | medium | 5.9 | 5.9 | 10y ago | Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable v… | |||
| CVE-2017-5544 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly… | |||
| CVE-2017-12353 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypa… | |||
| CVE-2017-12328 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition b… | |||
| CVE-2017-12311 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it rec… | |||
| CVE-2017-12300 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message… | |||
| CVE-2017-14618 | medium | 4.8 | 5.8 | 9y ago | Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | |||
| CVE-2017-12218 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, re… | |||
| CVE-2017-10173 | medium | 5.8 | 5.8 | 9y ago | Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 … | |||
| CVE-2017-10148 | medium | 5.8 | 5.8 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. … | |||
| CVE-2017-3865 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunn… | |||
| CVE-2017-6620 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management A… | |||
| CVE-2017-6613 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead t… | |||
| CVE-2017-0191 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objec… | |||
| CVE-2017-0186 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fa… | |||
| CVE-2017-0185 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fa… | |||
| CVE-2017-0183 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server… | |||
| CVE-2017-0182 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server… | |||
| CVE-2017-0179 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from … | |||
| CVE-2017-0168 | medium | 5.8 | 5.8 | 9y ago | An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 20… | |||
| CVE-2017-7200 | medium | 5.8 | 5.8 | 9y ago | OpenStack Glance Server-Side Request Forgery (SSRF) | |||
| CVE-2017-3870 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. A… | |||
| CVE-2017-3827 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth… | |||
| CVE-2017-3818 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypa… | |||
| CVE-2017-3814 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More I… | |||
| CVE-2017-3809 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule ba… | |||
| CVE-2017-3255 | medium | 5.8 | 5.8 | 10y ago | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1… | |||
| CVE-2017-3252 | medium | 5.8 | 5.8 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8… | |||
| CVE-2017-3800 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or cont… | |||
| CVE-2017-15532 | medium | 5.7 | 5.7 | 9y ago | Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stor… | |||
| CVE-2017-12351 | medium | 5.7 | 5.7 | 9y ago | A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An atta… | |||
| CVE-2017-12339 | medium | 5.7 | 5.7 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation… | |||
| CVE-2017-11831 | medium | 4.7 | 5.7 | 9y ago | Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Serv… | |||
| CVE-2017-5201 | medium | 5.7 | 5.7 | 9y ago | NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability tha… | |||
| CVE-2017-13683 | medium | 5.7 | 5.7 | 9y ago | In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that … | |||
| CVE-2017-13682 | medium | 5.7 | 5.7 | 9y ago | In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way th… | |||
| CVE-2017-14937 | medium | 4.7 | 5.7 | 9y ago | The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control unit… | |||
| CVE-2017-10389 | medium | 5.7 | 5.7 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnera… | |||
| CVE-2017-10051 | medium | 5.7 | 5.7 | 9y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulne… | |||
| CVE-2017-8708 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-6775 | medium | 5.7 | 5.7 | 9y ago | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to a… | |||
| CVE-2017-11348 | medium | 5.7 | 5.7 | 9y ago | In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or m… | |||
| CVE-2017-9773 | medium | 5.7 | 5.7 | 9y ago | Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | |||
| CVE-2017-1214 | medium | 5.7 | 5.7 | 9y ago | IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. | |||
| CVE-2017-9546 | medium | 5.7 | 5.7 | 9y ago | admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | |||
| CVE-2017-0259 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive info… | |||
| CVE-2017-0258 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server … | |||
| CVE-2017-0245 | medium | 4.7 | 5.7 | 9y ago | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain ker… | |||
| CVE-2017-0220 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, … | |||
| CVE-2017-0175 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Inform… | |||
| CVE-2017-5042 | medium | 5.7 | 5.7 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3597 | medium | 5.7 | 5.7 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-0058 | medium | 4.7 | 5.7 | 9y ago | A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability co… | |||
| CVE-2017-0062 | medium | 4.7 | 5.7 | 9y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-3292 | medium | 5.7 | 5.7 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo… | |||
| CVE-2017-3276 | medium | 5.7 | 5.7 | 10y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit… | |||
| CVE-2017-5754 | medium | 5.6 | 5.6 | 9y ago | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel a… | |||
| CVE-2017-17565 | medium | 5.6 | 5.6 | 9y ago | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion … | |||
| CVE-2017-14013 | medium | 5.6 | 5.6 | 9y ago | A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on… | |||
| CVE-2017-14007 | medium | 5.6 | 5.6 | 9y ago | An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing… | |||
| CVE-2017-15038 | medium | 5.6 | 5.6 | 9y ago | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to rea… | |||
| CVE-2017-14317 | medium | 5.6 | 5.6 | 9y ago | A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xens… | |||
| CVE-2017-9330 | medium | 5.6 | 5.6 | 9y ago | QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return valu… | |||
| CVE-2017-9310 | medium | 5.6 | 5.6 | 9y ago | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the ini… | |||
| CVE-2017-3265 | medium | 5.6 | 5.6 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-7468 | medium | — | 5.5 | — | In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is a… | |||
| CVE-2017-15092 | medium | — | 5.5 | — | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing… | |||
| CVE-2017-11544 | medium | — | 5.5 | — | denial of service in tcpdump | |||
| CVE-2017-15090 | medium | — | 5.5 | — | An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed dat… | |||
| CVE-2017-15094 | medium | — | 5.5 | — | An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are … | |||
| CVE-2017-15107 | medium | — | 5.5 | — | A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostname… | |||
| CVE-2017-17723 | medium | — | 5.5 | — | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial o… | |||
| CVE-2017-17725 | medium | — | 5.5 | — | In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of … | |||
| CVE-2017-17724 | medium | — | 5.5 | — | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to ca… | |||
| CVE-2017-18199 | medium | — | 5.5 | — | realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | |||
| CVE-2017-18184 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc. | |||
| CVE-2017-18186 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc. | |||
| CVE-2017-15715 | medium | — | 5.5 | — | multiple issues in apache | |||
| CVE-2017-2669 | medium | — | 5.5 | — | Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_exp… | |||
| CVE-2017-18183 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. | |||
| CVE-2017-15710 | medium | — | 5.5 | — | multiple issues in apache | |||
| CVE-2017-3140 | medium | — | 5.5 | — | If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.… | |||
| CVE-2017-18198 | medium | — | 5.5 | — | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a craf… | |||
| CVE-2017-18185 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter. | |||
| CVE-2017-17722 | medium | — | 5.5 | — | In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file. |