CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6674 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for … | |||
| CVE-2017-6671 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the de… | |||
| CVE-2017-4994 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, a… | |||
| CVE-2017-4975 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the o… | |||
| CVE-2017-4972 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, an… | |||
| CVE-2017-7667 | high | 7.5 | 7.5 | 9y ago | Origin Validation Error in Apache NiFi | |||
| CVE-2017-9557 | high | 7.5 | 7.5 | 9y ago | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and … | |||
| CVE-2017-9543 | high | 7.5 | 7.5 | 9y ago | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | |||
| CVE-2017-9128 | medium | 6.5 | 7.5 | 9y ago | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 … | |||
| CVE-2017-9127 | medium | 6.5 | 7.5 | 9y ago | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted … | |||
| CVE-2017-9126 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |||
| CVE-2017-9125 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |||
| CVE-2017-9124 | medium | 6.5 | 7.5 | 9y ago | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||
| CVE-2017-9123 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |||
| CVE-2017-9122 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||
| CVE-2017-8871 | medium | 6.5 | 7.5 | 9y ago | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | |||
| CVE-2017-0376 | high | 7.5 | 7.5 | 9y ago | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous… | |||
| CVE-2017-0375 | high | 7.5 | 7.5 | 9y ago | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||
| CVE-2017-1319 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | |||
| CVE-2017-9023 | high | 7.5 | 7.5 | 9y ago | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted c… | |||
| CVE-2017-9022 | high | 7.5 | 7.5 | 9y ago | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and … | |||
| CVE-2017-6648 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TeleP… | |||
| CVE-2017-7564 | high | 7.5 | 7.5 | 9y ago | In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug except… | |||
| CVE-2017-7313 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other wor… | |||
| CVE-2017-9469 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause … | |||
| CVE-2017-9468 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | |||
| CVE-2017-5664 | high | 7.5 | 7.5 | 9y ago | The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwa… | |||
| CVE-2017-9438 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_em… | |||
| CVE-2017-7669 | high | 7.5 | 7.5 | 9y ago | Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation | |||
| CVE-2017-9428 | high | 7.5 | 7.5 | 9y ago | A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequen… | |||
| CVE-2017-9372 | high | 7.5 | 7.5 | 9y ago | PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of servic… | |||
| CVE-2017-9359 | high | 7.5 | 7.5 | 9y ago | The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attacke… | |||
| CVE-2017-9358 | high | 7.5 | 7.5 | 9y ago | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending speciall… | |||
| CVE-2017-9354 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | |||
| CVE-2017-9352 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occu… | |||
| CVE-2017-9351 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier… | |||
| CVE-2017-9350 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative le… | |||
| CVE-2017-9349 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | |||
| CVE-2017-9348 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | |||
| CVE-2017-9346 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | |||
| CVE-2017-9345 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | |||
| CVE-2017-9344 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | |||
| CVE-2017-9343 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | |||
| CVE-2017-9334 | high | 7.5 | 7.5 | 9y ago | An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of servic… | |||
| CVE-2017-9304 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | |||
| CVE-2017-7502 | high | 7.5 | 7.5 | 9y ago | Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | |||
| CVE-2017-2304 | high | 7.5 | 7.5 | 9y ago | Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet p… | |||
| CVE-2017-2303 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D4… | |||
| CVE-2017-2302 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 1… | |||
| CVE-2017-2301 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to … | |||
| CVE-2017-2300 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primar… | |||
| CVE-2017-9250 | high | 7.5 | 7.5 | 9y ago | The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of ser… | |||
| CVE-2017-7295 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structur… | |||
| CVE-2017-7731 | high | 7.5 | 7.5 | 9y ago | A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||
| CVE-2017-7338 | high | 7.5 | 7.5 | 9y ago | A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||
| CVE-2017-7439 | high | 7.5 | 7.5 | 9y ago | NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | |||
| CVE-2017-7236 | high | 7.5 | 7.5 | 9y ago | SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-9230 | high | 7.5 | 7.5 | 9y ago | The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multip… | |||
| CVE-2017-9229 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression com… | |||
| CVE-2017-9217 | high | 7.5 | 7.5 | 9y ago | denial of service in systemd | |||
| CVE-2017-9212 | high | 7.5 | 7.5 | 9y ago | The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name. | |||
| CVE-2017-9190 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5. | |||
| CVE-2017-9189 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-9182 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-9181 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. | |||
| CVE-2017-9180 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14. | |||
| CVE-2017-9179 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14. | |||
| CVE-2017-9178 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. | |||
| CVE-2017-9177 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. | |||
| CVE-2017-9176 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. | |||
| CVE-2017-9175 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. | |||
| CVE-2017-9174 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. | |||
| CVE-2017-9159 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. | |||
| CVE-2017-9158 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. | |||
| CVE-2017-9157 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. | |||
| CVE-2017-9156 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. | |||
| CVE-2017-9155 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. | |||
| CVE-2017-9154 | high | 7.5 | 7.5 | 9y ago | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-8915 | high | 7.5 | 7.5 | 9y ago | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar s… | |||
| CVE-2017-8309 | high | 7.5 | 7.5 | 9y ago | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | |||
| CVE-2017-9149 | high | 7.5 | 7.5 | 9y ago | Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to ob… | |||
| CVE-2017-9147 | medium | 6.5 | 7.5 | 9y ago | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||
| CVE-2017-4916 | medium | 6.5 | 7.5 | 9y ago | VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privilege… | |||
| CVE-2017-2498 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrus… | |||
| CVE-2017-6653 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) con… | |||
| CVE-2017-6641 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of … | |||
| CVE-2017-6633 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected… | |||
| CVE-2017-6632 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a … | |||
| CVE-2017-9136 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the dev… | |||
| CVE-2017-9134 | high | 7.5 | 7.5 | 9y ago | An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial n… | |||
| CVE-2017-9132 | high | 7.5 | 7.5 | 9y ago | A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightwei… | |||
| CVE-2017-9131 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can … | |||
| CVE-2017-7620 | medium | 6.5 | 7.5 | 9y ago | MantisBT vulnerable to CSRF and Open Redirect attacks | |||
| CVE-2017-9098 | high | 7.5 | 7.5 | 9y ago | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated … | |||
| CVE-2017-9091 | high | 7.5 | 7.5 | 9y ago | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | |||
| CVE-2017-9090 | high | 7.5 | 7.5 | 9y ago | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | |||
| CVE-2017-7935 | high | 7.5 | 7.5 | 9y ago | A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN req… | |||
| CVE-2017-6652 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due … | |||
| CVE-2017-6621 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to con… | |||
| CVE-2017-9065 | high | 7.5 | 7.5 | 9y ago | In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. |