CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11279 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11278 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11277 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11276 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11275 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11272 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | |||
| CVE-2017-7675 | high | 7.5 | 7.5 | 9y ago | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypa… | |||
| CVE-2017-3130 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | |||
| CVE-2017-8518 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | |||
| CVE-2017-3156 | high | 7.5 | 7.5 | 9y ago | Covert Timing Channel in Apache CXF | |||
| CVE-2017-8674 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content whe… | |||
| CVE-2017-8672 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser … | |||
| CVE-2017-8669 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an … | |||
| CVE-2017-8661 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting … | |||
| CVE-2017-8655 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft br… | |||
| CVE-2017-8653 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 20… | |||
| CVE-2017-8651 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly acce… | |||
| CVE-2017-8647 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling… | |||
| CVE-2017-8639 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engin… | |||
| CVE-2017-8638 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content whe… | |||
| CVE-2017-8633 | high | 7.5 | 7.5 | 9y ago | Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server… | |||
| CVE-2017-8516 | high | 7.5 | 7.5 | 9y ago | Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforce… | |||
| CVE-2017-0293 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote c… | |||
| CVE-2017-10245 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.… | |||
| CVE-2017-10176 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u13… | |||
| CVE-2017-10144 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitab… | |||
| CVE-2017-10136 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.9. Easily exploitable vulnerab… | |||
| CVE-2017-10118 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JR… | |||
| CVE-2017-10115 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u… | |||
| CVE-2017-10067 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows … | |||
| CVE-2017-10042 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenti… | |||
| CVE-2017-10036 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthen… | |||
| CVE-2017-10016 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to … | |||
| CVE-2017-9938 | high | 7.5 | 7.5 | 9y ago | A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to caus… | |||
| CVE-2017-9801 | high | 7.5 | 7.5 | 9y ago | Improper Input Validation in Apache Commons Email | |||
| CVE-2017-7920 | high | 7.5 | 7.5 | 9y ago | An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific unifo… | |||
| CVE-2017-6766 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticat… | |||
| CVE-2017-6763 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affe… | |||
| CVE-2017-6752 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could … | |||
| CVE-2017-6745 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condit… | |||
| CVE-2017-6664 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected sy… | |||
| CVE-2017-12602 | high | 7.5 | 7.5 | 9y ago | Denial of Service in OpenCV | |||
| CVE-2017-12600 | high | 7.5 | 7.5 | 9y ago | Denial of Service in OpenCV | |||
| CVE-2017-12568 | high | 7.5 | 7.5 | 9y ago | Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by se… | |||
| CVE-2017-9864 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout polici… | |||
| CVE-2017-9862 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the applicat… | |||
| CVE-2017-9858 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in furth… | |||
| CVE-2017-9851 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the ven… | |||
| CVE-2017-12439 | high | 7.5 | 7.5 | 9y ago | SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML c… | |||
| CVE-2017-10949 | high | 7.5 | 7.5 | 9y ago | Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in… | |||
| CVE-2017-12435 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12430 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12429 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12428 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. | |||
| CVE-2017-12425 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid … | |||
| CVE-2017-12418 | high | 7.5 | 7.5 | 9y ago | ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. | |||
| CVE-2017-11382 | high | 7.5 | 7.5 | 9y ago | Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly… | |||
| CVE-2017-11390 | high | 7.5 | 7.5 | 9y ago | XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | |||
| CVE-2017-11387 | high | 7.5 | 7.5 | 9y ago | Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-C… | |||
| CVE-2017-10664 | high | 7.5 | 7.5 | 9y ago | qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |||
| CVE-2017-1118 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156. | |||
| CVE-2017-11379 | high | 7.5 | 7.5 | 9y ago | Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | |||
| CVE-2017-11135 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore… | |||
| CVE-2017-11133 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-rando… | |||
| CVE-2017-11132 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the applicati… | |||
| CVE-2017-12067 | high | 7.5 | 7.5 | 9y ago | Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. | |||
| CVE-2017-12064 | high | 7.5 | 7.5 | 9y ago | The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. | |||
| CVE-2017-1460 | high | 7.5 | 7.5 | 9y ago | IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||
| CVE-2017-1227 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906. | |||
| CVE-2017-11670 | high | 7.5 | 7.5 | 9y ago | A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially… | |||
| CVE-2017-11669 | high | 7.5 | 7.5 | 9y ago | An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use… | |||
| CVE-2017-11668 | high | 7.5 | 7.5 | 9y ago | An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use… | |||
| CVE-2017-9522 | high | 7.5 | 7.5 | 9y ago | The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access b… | |||
| CVE-2017-9492 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmw… | |||
| CVE-2017-9486 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors. | |||
| CVE-2017-9485 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leve… | |||
| CVE-2017-9484 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote att… | |||
| CVE-2017-9481 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/1… | |||
| CVE-2017-9478 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC a… | |||
| CVE-2017-11692 | high | 7.5 | 7.5 | 9y ago | The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. | |||
| CVE-2017-11746 | high | 7.5 | 7.5 | 9y ago | Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tens… | |||
| CVE-2017-11723 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld … | |||
| CVE-2017-11717 | high | 7.5 | 7.5 | 9y ago | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stre… | |||
| CVE-2017-11706 | high | 7.5 | 7.5 | 9y ago | The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the … | |||
| CVE-2017-11665 | high | 7.5 | 7.5 | 9y ago | The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted strea… | |||
| CVE-2017-11684 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | |||
| CVE-2017-7659 | high | 7.5 | 7.5 | 9y ago | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | |||
| CVE-2017-11658 | high | 7.5 | 7.5 | 9y ago | In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypa… | |||
| CVE-2017-11655 | high | 7.5 | 7.5 | 9y ago | A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdum… | |||
| CVE-2017-11630 | high | 7.5 | 7.5 | 9y ago | dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a… | |||
| CVE-2017-9233 | high | 7.5 | 7.5 | 9y ago | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an … | |||
| CVE-2017-6751 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected… | |||
| CVE-2017-6750 | high | 7.5 | 7.5 | 9y ago | A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticate… | |||
| CVE-2017-6672 | high | 7.5 | 7.5 | 9y ago | A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to b… | |||
| CVE-2017-11499 | high | 7.5 | 7.5 | 9y ago | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was co… | |||
| CVE-2017-8035 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A careful… | |||
| CVE-2017-9553 | high | 7.5 | 7.5 | 9y ago | A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | |||
| CVE-2017-11326 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | |||
| CVE-2017-11325 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. | |||
| CVE-2017-11592 | high | 7.5 | 7.5 | 9y ago | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via craft… |