CVEs from 2017

- Total 11,662
- critical 1,647
- high 5,041
- medium 4,168
- low 159
- % Critical 14.1%
- % with KEV 0.7%
- % with exploit 9.8%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7965 | high | 7.3 | 7.3 | 9y ago | A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | |||
| CVE-2017-0373 | high | 7.3 | 7.3 | 9y ago | The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have… | |||
| CVE-2017-9137 | high | 7.3 | 7.3 | 9y ago | Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both… | |||
| CVE-2017-9046 | high | 7.3 | 7.3 | 9y ago | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbi… | |||
| CVE-2017-6016 | high | 7.3 | 7.3 | 9y ago | An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions rel… | |||
| CVE-2017-2157 | high | 7.3 | 7.3 | 9y ago | Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certificatio… | |||
| CVE-2017-0249 | high | 7.3 | 7.3 | 9y ago | High severity vulnerability that affects Microsoft.AspNetCore.Mvc | |||
| CVE-2017-7927 | high | 7.3 | 7.3 | 9y ago | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH… | |||
| CVE-2017-2101 | high | 7.3 | 7.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | |||
| CVE-2017-3162 | high | 7.3 | 7.3 | 9y ago | Improper Input Validation in Apache Hadoop | |||
| CVE-2017-3507 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.… | |||
| CVE-2017-3497 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported version that is affected is 11.3. Easily "exploitable" vulnerab… | |||
| CVE-2017-2331 | high | 7.3 | 7.3 | 9y ago | A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, le… | |||
| CVE-2017-5662 | high | 7.3 | 7.3 | 9y ago | Improper Restriction of XML External Entity Reference in Apache Batik | |||
| CVE-2017-5661 | high | 7.3 | 7.3 | 9y ago | Improper Restriction of XML External Entity Reference in Apache FOP | |||
| CVE-2017-1161 | high | 7.3 | 7.3 | 9y ago | IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an atta… | |||
| CVE-2017-6967 | high | 7.3 | 7.3 | 9y ago | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configuration… | |||
| CVE-2017-6189 | high | 7.3 | 7.3 | 9y ago | Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di… | |||
| CVE-2017-6438 | high | 7.3 | 7.3 | 9y ago | Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code exe… | |||
| CVE-2017-6543 | high | 7.3 | 7.3 | 9y ago | Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be writ… | |||
| CVE-2017-5682 | high | 7.3 | 7.3 | 9y ago | Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, … | |||
| CVE-2017-5155 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compr… | |||
| CVE-2017-5151 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. | |||
| CVE-2017-3250 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner… | |||
| CVE-2017-3249 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner… | |||
| CVE-2017-17987 | high | 7.2 | 7.2 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | |||
| CVE-2017-17941 | high | 7.2 | 7.2 | 9y ago | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | |||
| CVE-2017-17829 | high | 7.2 | 7.2 | 9y ago | Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | |||
| CVE-2017-15876 | high | 7.2 | 7.2 | 9y ago | Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | |||
| CVE-2017-16788 | high | 7.2 | 7.2 | 9y ago | Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users w… | |||
| CVE-2017-7738 | high | 7.2 | 7.2 | 9y ago | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web port… | |||
| CVE-2017-17561 | high | 7.2 | 7.2 | 9y ago | SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. | |||
| CVE-2017-16682 | high | 7.2 | 7.2 | 9y ago | SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be execute… | |||
| CVE-2017-15673 | high | 7.2 | 7.2 | 9y ago | The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | |||
| CVE-2017-14585 | high | 7.2 | 7.2 | 9y ago | A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0… | |||
| CVE-2017-8198 | high | 7.2 | 7.2 | 9y ago | FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target de… | |||
| CVE-2017-8197 | high | 7.2 | 7.2 | 9y ago | FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful ex… | |||
| CVE-2017-8188 | high | 7.2 | 7.2 | 9y ago | FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affect… | |||
| CVE-2017-2736 | high | 7.2 | 7.2 | 9y ago | VCM5010 with software versions before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a… | |||
| CVE-2017-5712 | high | 7.2 | 7.2 | 9y ago | Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to exe… | |||
| CVE-2017-14111 | high | 7.2 | 7.2 | 9y ago | The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an … | |||
| CVE-2017-16660 | high | 7.2 | 7.2 | 9y ago | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP … | |||
| CVE-2017-16641 | high | 7.2 | 7.2 | 9y ago | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | |||
| CVE-2017-16000 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capaci… | |||
| CVE-2017-15949 | high | 7.2 | 7.2 | 9y ago | Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | |||
| CVE-2017-15935 | high | 7.2 | 7.2 | 9y ago | Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | |||
| CVE-2017-15933 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to … | |||
| CVE-2017-12160 | high | 7.2 | 7.2 | 9y ago | Keycloak Oauth Implementation Error | |||
| CVE-2017-7341 | high | 7.2 | 7.2 | 9y ago | An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an … | |||
| CVE-2017-15880 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name paramet… | |||
| CVE-2017-10362 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Sawbridge). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploita… | |||
| CVE-2017-14958 | high | 7.2 | 7.2 | 9y ago | lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | |||
| CVE-2017-14602 | high | 7.2 | 7.2 | 9y ago | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e… | |||
| CVE-2017-11396 | high | 7.2 | 7.2 | 9y ago | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the … | |||
| CVE-2017-14141 | high | 7.2 | 7.2 | 9y ago | The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a craft… | |||
| CVE-2017-1002025 | high | 7.2 | 7.2 | 9y ago | Vulnerability in WordPress plugin add-edit-delete-listing-for-member-module v1.0. The plugin author does not sanitize user-supplied input via $act before passing it into an SQL statement. | |||
| CVE-2017-14405 | high | 7.2 | 7.2 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||
| CVE-2017-12977 | high | 7.2 | 7.2 | 9y ago | The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in a… | |||
| CVE-2017-12947 | high | 7.2 | 7.2 | 9y ago | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable … | |||
| CVE-2017-12946 | high | 7.2 | 7.2 | 9y ago | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by… | |||
| CVE-2017-12756 | high | 7.2 | 7.2 | 9y ago | Command injection in transfer from another server in extplorer 2.1.9 and prior allows an attacker to inject commands via the userfile[0] parameter. | |||
| CVE-2017-10031 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)). Supported versions that are affected are 3.0 and 3.0.1. Easil… | |||
| CVE-2017-6746 | high | 7.2 | 7.2 | 9y ago | A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker … | |||
| CVE-2017-2276 | high | 7.2 | 7.2 | 9y ago | Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | |||
| CVE-2017-2275 | high | 7.2 | 7.2 | 9y ago | WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-11466 | high | 7.2 | 7.2 | 9y ago | Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via… | |||
| CVE-2017-8004 | high | 7.2 | 7.2 | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle … | |||
| CVE-2017-2851 | high | 7.2 | 7.2 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. | |||
| CVE-2017-4988 | high | 7.2 | 7.2 | 9y ago | EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected syste… | |||
| CVE-2017-4991 | high | 7.2 | 7.2 | 9y ago | Cloud Foundry UAA password reset vulnerability | |||
| CVE-2017-3134 | high | 7.2 | 7.2 | 9y ago | An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | |||
| CVE-2017-3980 | high | 7.2 | 7.2 | 9y ago | A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choic… | |||
| CVE-2017-2141 | high | 7.2 | 7.2 | 9y ago | WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-2120 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-3531 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). Supported versions that are affected are 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. … | |||
| CVE-2017-3486 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker h… | |||
| CVE-2017-6183 | high | 7.2 | 7.2 | 9y ago | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NS… | |||
| CVE-2017-7290 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An … | |||
| CVE-2017-6578 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscri… | |||
| CVE-2017-6577 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||
| CVE-2017-6576 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter:… | |||
| CVE-2017-6575 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member… | |||
| CVE-2017-6574 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter… | |||
| CVE-2017-6573 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||
| CVE-2017-6572 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_… | |||
| CVE-2017-6571 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: i… | |||
| CVE-2017-6570 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Paramet… | |||
| CVE-2017-6492 | high | 7.2 | 7.2 | 9y ago | SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | |||
| CVE-2017-5230 | high | 7.2 | 7.2 | 9y ago | The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides sto… | |||
| CVE-2017-5161 | high | 7.2 | 7.2 | 9y ago | An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path … | |||
| CVE-2017-3796 | high | 7.2 | 7.2 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Relea… | |||
| CVE-2017-5347 | high | 7.2 | 7.2 | 10y ago | SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/ind… | |||
| CVE-2017-5346 | high | 7.2 | 7.2 | 10y ago | GeniXCMS SQL injection vulnerability | |||
| CVE-2017-15309 | high | 7.1 | 7.1 | 9y ago | Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious f… | |||
| CVE-2017-1760 | high | 7.1 | 7.1 | 9y ago | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. | |||
| CVE-2017-8153 | high | 7.1 | 7.1 | 9y ago | Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send… | |||
| CVE-2017-2735 | high | 7.1 | 7.1 | 9y ago | TIT-AL00 smartphones with software versions before TIT-AL00C583B214 have an exposed system interface vulnerability. The software provides a system interface for interaction with external appli… | |||
| CVE-2017-2707 | high | 7.1 | 7.1 | 9y ago | Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could… | |||
| CVE-2017-2706 | high | 7.1 | 7.1 | 9y ago | Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are … | |||
| CVE-2017-16899 | high | 7.1 | 7.1 | 9y ago | An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to… |