CVEs from 2017
Total: 11,662
- critical 1,647
- high 5,041
- medium 4,168
- low 159

% Critical: 14.1%
% with KEV: 0.7%
% with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6311 | high | 7.5 | 7.5 | 9y ago | gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error messag… | |||
| CVE-2017-5872 | high | 7.5 | 7.5 | 9y ago | The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to c… | |||
| CVE-2017-4960 | high | 7.5 | 7.5 | 9y ago | Cloud Foundry denial of service vulnerability | |||
| CVE-2017-5681 | high | 7.5 | 7.5 | 9y ago | The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-cha… | |||
| CVE-2017-5999 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() fu… | |||
| CVE-2017-6497 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). | |||
| CVE-2017-6474 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record … | |||
| CVE-2017-6473 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between l… | |||
| CVE-2017-6472 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtm… | |||
| CVE-2017-6471 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validat… | |||
| CVE-2017-6470 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by cons… | |||
| CVE-2017-6469 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by en… | |||
| CVE-2017-6468 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationshi… | |||
| CVE-2017-6467 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restr… | |||
| CVE-2017-5836 | high | 7.5 | 7.5 | 9y ago | The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an inv… | |||
| CVE-2017-5835 | high | 7.5 | 7.5 | 9y ago | libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | |||
| CVE-2017-5356 | high | 7.5 | 7.5 | 9y ago | Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | |||
| CVE-2017-5196 | high | 7.5 | 7.5 | 9y ago | Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | |||
| CVE-2017-5195 | high | 7.5 | 7.5 | 9y ago | Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. | |||
| CVE-2017-5194 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | |||
| CVE-2017-5193 | high | 7.5 | 7.5 | 9y ago | The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | |||
| CVE-2017-6405 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. | |||
| CVE-2017-6384 | high | 7.5 | 7.5 | 9y ago | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed i… | |||
| CVE-2017-3826 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker… | |||
| CVE-2017-5995 | high | 7.5 | 7.5 | 9y ago | The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2017-5927 | high | 7.5 | 7.5 | 9y ago | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU ope… | |||
| CVE-2017-5926 | high | 7.5 | 7.5 | 9y ago | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU ope… | |||
| CVE-2017-5925 | high | 7.5 | 7.5 | 9y ago | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU o… | |||
| CVE-2017-6100 | high | 7.5 | 7.5 | 9y ago | tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | |||
| CVE-2017-6214 | high | 7.5 | 7.5 | 9y ago | The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packe… | |||
| CVE-2017-3841 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. K… | |||
| CVE-2017-3830 | high | 7.5 | 7.5 | 9y ago | A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Infor… | |||
| CVE-2017-2371 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. | |||
| CVE-2017-2365 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2364 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the… | |||
| CVE-2017-2363 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-6056 | high | 7.5 | 7.5 | 9y ago | It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service … | |||
| CVE-2017-6014 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to r… | |||
| CVE-2017-5357 | high | 7.5 | 7.5 | 9y ago | regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | |||
| CVE-2017-6004 | high | 7.5 | 7.5 | 9y ago | The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (ou… | |||
| CVE-2017-0317 | high | 7.5 | 7.5 | 9y ago | All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamp… | |||
| CVE-2017-5997 | high | 7.5 | 7.5 | 9y ago | The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests wit… | |||
| CVE-2017-2981 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2980 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2979 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2978 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2977 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2976 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2975 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-2974 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-5970 | high | 7.5 | 7.5 | 9y ago | The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted sy… | |||
| CVE-2017-5169 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and… | |||
| CVE-2017-5168 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker servi… | |||
| CVE-2017-3302 | high | 7.5 | 7.5 | 9y ago | Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | |||
| CVE-2017-5848 | high | 7.5 | 7.5 | 9y ago | The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors in… | |||
| CVE-2017-5847 | high | 7.5 | 7.5 | 9y ago | The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via v… | |||
| CVE-2017-5845 | high | 7.5 | 7.5 | 9y ago | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via … | |||
| CVE-2017-5843 | high | 7.5 | 7.5 | 9y ago | Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attacke… | |||
| CVE-2017-5841 | high | 7.5 | 7.5 | 9y ago | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vector… | |||
| CVE-2017-5840 | high | 7.5 | 7.5 | 9y ago | The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors in… | |||
| CVE-2017-5839 | high | 7.5 | 7.5 | 9y ago | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a de… | |||
| CVE-2017-5838 | high | 7.5 | 7.5 | 9y ago | The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datet… | |||
| CVE-2017-0422 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possi… | |||
| CVE-2017-5136 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown … | |||
| CVE-2017-5601 | high | 7.5 | 7.5 | 10y ago | An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause… | |||
| CVE-2017-5328 | high | 7.5 | 7.5 | 10y ago | Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. | |||
| CVE-2017-3295 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab… | |||
| CVE-2017-3294 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitab… | |||
| CVE-2017-3270 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl… | |||
| CVE-2017-3269 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl… | |||
| CVE-2017-3268 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl… | |||
| CVE-2017-3267 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl… | |||
| CVE-2017-3253 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u1… | |||
| CVE-2017-5598 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST re… | |||
| CVE-2017-5597 | high | 7.5 | 7.5 | 10y ago | In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packe… | |||
| CVE-2017-5596 | high | 7.5 | 7.5 | 10y ago | In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/… | |||
| CVE-2017-5495 | high | 7.5 | 7.5 | 10y ago | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Q… | |||
| CVE-2017-5372 | high | 7.5 | 7.5 | 10y ago | The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for… | |||
| CVE-2017-5371 | high | 7.5 | 7.5 | 10y ago | Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422. | |||
| CVE-2017-5182 | high | 7.5 | 7.5 | 10y ago | Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total info… | |||
| CVE-2017-5493 | high | 7.5 | 7.5 | 10y ago | wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended a… | |||
| CVE-2017-0394 | high | 7.5 | 7.5 | 10y ago | A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product… | |||
| CVE-2017-0389 | high | 7.5 | 7.5 | 10y ago | A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the po… | |||
| CVE-2017-5351 | high | 7.5 | 7.5 | 10y ago | Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016… | |||
| CVE-2017-5350 | high | 7.5 | 7.5 | 10y ago | Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. | |||
| CVE-2017-0004 | high | 7.5 | 7.5 | 10y ago | The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (rebo… | |||
| CVE-2017-17704 | high | 7.4 | 7.4 | 9y ago | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM an… | |||
| CVE-2017-14361 | high | 7.4 | 7.4 | 9y ago | Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | |||
| CVE-2017-1000407 | high | 7.4 | 7.4 | 9y ago | The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | |||
| CVE-2017-5729 | high | 7.4 | 7.4 | 9y ago | Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle. | |||
| CVE-2017-9758 | high | 7.4 | 7.4 | 9y ago | Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | |||
| CVE-2017-15086 | high | 7.4 | 7.4 | 9y ago | It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||
| CVE-2017-12275 | high | 7.4 | 7.4 | 9y ago | A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cau… | |||
| CVE-2017-6144 | high | 7.4 | 7.4 | 9y ago | In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position ma… | |||
| CVE-2017-10333 | high | 7.4 | 7.4 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privil… | |||
| CVE-2017-10620 | high | 7.4 | 7.4 | 9y ago | Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signature… | |||
| CVE-2017-8025 | high | 7.4 | 7.4 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files … | |||
| CVE-2017-8012 | high | 7.4 | 7.4 | 9y ago | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Complian… | |||
| CVE-2017-12735 | high | 7.4 | 7.4 | 9y ago | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could poten… | |||
| CVE-2017-7930 | high | 7.4 | 7.4 | 9y ago | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the… |