CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3085 | high | 7.4 | 7.4 | 9y ago | Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | |||
| CVE-2017-11506 | high | 7.4 | 7.4 | 9y ago | When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could all… | |||
| CVE-2017-10145 | high | 7.4 | 7.4 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo… | |||
| CVE-2017-10104 | high | 7.4 | 7.4 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo… | |||
| CVE-2017-10019 | high | 7.4 | 7.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo… | |||
| CVE-2017-9941 | high | 7.4 | 7.4 | 9y ago | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass in… | |||
| CVE-2017-6873 | high | 7.4 | 7.4 | 9y ago | A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle… | |||
| CVE-2017-6870 | high | 7.4 | 7.4 | 9y ago | A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify dat… | |||
| CVE-2017-7520 | high | 7.4 | 7.4 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | |||
| CVE-2017-1000367 | medium | 6.4 | 7.4 | 9y ago | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | |||
| CVE-2017-9035 | high | 7.4 | 7.4 | 9y ago | Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. | |||
| CVE-2017-3547 | high | 7.4 | 7.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "… | |||
| CVE-2017-1122 | high | 7.4 | 7.4 | 9y ago | IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 12117… | |||
| CVE-2017-6130 | high | 7.4 | 7.4 | 9y ago | F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT… | |||
| CVE-2017-7272 | high | 7.4 | 7.4 | 9y ago | PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is r… | |||
| CVE-2017-3849 | high | 7.4 | 7.4 | 9y ago | A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) cou… | |||
| CVE-2017-5643 | high | 7.4 | 7.4 | 9y ago | Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | |||
| CVE-2017-5617 | high | 7.4 | 7.4 | 9y ago | Server Side Request Forgery in svgSalamander | |||
| CVE-2017-2685 | high | 7.4 | 7.4 | 9y ago | Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow … | |||
| CVE-2017-5518 | high | 7.4 | 7.4 | 10y ago | The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | |||
| CVE-2017-17845 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. | |||
| CVE-2017-14362 | high | 7.3 | 7.3 | 9y ago | Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | |||
| CVE-2017-14016 | medium | 6.3 | 7.3 | 9y ago | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying… | |||
| CVE-2017-6145 | high | 7.3 | 7.3 | 9y ago | iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cook… | |||
| CVE-2017-3588 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerabilit… | |||
| CVE-2017-10408 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10407 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10392 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10391 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnera… | |||
| CVE-2017-10265 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3… | |||
| CVE-2017-15575 | high | 7.3 | 7.3 | 9y ago | In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive d… | |||
| CVE-2017-1541 | high | 7.3 | 7.3 | 9y ago | A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | |||
| CVE-2017-9956 | high | 7.3 | 7.3 | 9y ago | An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use t… | |||
| CVE-2017-14484 | high | 7.3 | 7.3 | 9y ago | The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because a… | |||
| CVE-2017-9640 | medium | 6.3 | 7.3 | 9y ago | A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC … | |||
| CVE-2017-10242 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10241 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10240 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10239 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10238 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10237 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10236 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10234 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4. Easily exploitable vulnerability … | |||
| CVE-2017-10233 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-10210 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10206 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). The supported version that is affected is 2.9. Easily exploitable vulnerabili… | |||
| CVE-2017-9639 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memo… | |||
| CVE-2017-10994 | high | 7.3 | 7.3 | 9y ago | Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. | |||
| CVE-2017-10725 | high | 7.3 | 7.3 | 9y ago | Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at in_… | |||
| CVE-2017-6324 | high | 7.3 | 7.3 | 9y ago | The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having t… | |||
| CVE-2017-4987 | high | 7.3 | 7.3 | 9y ago | In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potent… | |||
| CVE-2017-9606 | high | 7.3 | 7.3 | 9y ago | Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorr… | |||
| CVE-2017-8494 | high | 7.3 | 7.3 | 9y ago | Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel … | |||
| CVE-2017-8460 | high | 7.3 | 7.3 | 9y ago | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially cra… | |||
| CVE-2017-0298 | high | 7.3 | 7.3 | 9y ago | A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Wind… | |||
| CVE-2017-7965 | high | 7.3 | 7.3 | 9y ago | A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | |||
| CVE-2017-0373 | high | 7.3 | 7.3 | 9y ago | The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have… | |||
| CVE-2017-9137 | high | 7.3 | 7.3 | 9y ago | Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both… | |||
| CVE-2017-9046 | high | 7.3 | 7.3 | 9y ago | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbi… | |||
| CVE-2017-6016 | high | 7.3 | 7.3 | 9y ago | An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions rel… | |||
| CVE-2017-2157 | high | 7.3 | 7.3 | 9y ago | Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certificatio… | |||
| CVE-2017-0249 | high | 7.3 | 7.3 | 9y ago | High severity vulnerability that affects Microsoft.AspNetCore.Mvc | |||
| CVE-2017-7927 | high | 7.3 | 7.3 | 9y ago | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH… | |||
| CVE-2017-2101 | high | 7.3 | 7.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | |||
| CVE-2017-3162 | high | 7.3 | 7.3 | 9y ago | Improper Input Validation in Apache Hadoop | |||
| CVE-2017-3507 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.… | |||
| CVE-2017-3497 | high | 7.3 | 7.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported version that is affected is 11.3. Easily "exploitable" vulnerab… | |||
| CVE-2017-2331 | high | 7.3 | 7.3 | 9y ago | A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, le… | |||
| CVE-2017-5662 | high | 7.3 | 7.3 | 9y ago | Improper Restriction of XML External Entity Reference in Apache Batik | |||
| CVE-2017-5661 | high | 7.3 | 7.3 | 9y ago | Improper Restriction of XML External Entity Reference in Apache FOP | |||
| CVE-2017-1161 | high | 7.3 | 7.3 | 9y ago | IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an atta… | |||
| CVE-2017-6967 | high | 7.3 | 7.3 | 9y ago | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configuration… | |||
| CVE-2017-6189 | high | 7.3 | 7.3 | 9y ago | Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di… | |||
| CVE-2017-6438 | high | 7.3 | 7.3 | 9y ago | Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code exe… | |||
| CVE-2017-6543 | high | 7.3 | 7.3 | 9y ago | Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be writ… | |||
| CVE-2017-5682 | high | 7.3 | 7.3 | 9y ago | Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, … | |||
| CVE-2017-5155 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compr… | |||
| CVE-2017-5151 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. | |||
| CVE-2017-3250 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner… | |||
| CVE-2017-3249 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner… | |||
| CVE-2017-17987 | high | 7.2 | 7.2 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | |||
| CVE-2017-17941 | high | 7.2 | 7.2 | 9y ago | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | |||
| CVE-2017-17829 | high | 7.2 | 7.2 | 9y ago | Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | |||
| CVE-2017-15876 | high | 7.2 | 7.2 | 9y ago | Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | |||
| CVE-2017-16788 | high | 7.2 | 7.2 | 9y ago | Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users w… | |||
| CVE-2017-7738 | high | 7.2 | 7.2 | 9y ago | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web port… | |||
| CVE-2017-17561 | high | 7.2 | 7.2 | 9y ago | SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. | |||
| CVE-2017-16682 | high | 7.2 | 7.2 | 9y ago | SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be execute… | |||
| CVE-2017-15673 | high | 7.2 | 7.2 | 9y ago | The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | |||
| CVE-2017-14585 | high | 7.2 | 7.2 | 9y ago | A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0… | |||
| CVE-2017-8198 | high | 7.2 | 7.2 | 9y ago | FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target de… | |||
| CVE-2017-8197 | high | 7.2 | 7.2 | 9y ago | FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful ex… | |||
| CVE-2017-8188 | high | 7.2 | 7.2 | 9y ago | FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affect… | |||
| CVE-2017-2736 | high | 7.2 | 7.2 | 9y ago | VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a… | |||
| CVE-2017-5712 | high | 7.2 | 7.2 | 9y ago | Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to exe… | |||
| CVE-2017-14111 | high | 7.2 | 7.2 | 9y ago | The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an … | |||
| CVE-2017-16660 | high | 7.2 | 7.2 | 9y ago | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP … | |||
| CVE-2017-16641 | high | 7.2 | 7.2 | 9y ago | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | |||
| CVE-2017-16000 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capaci… | |||
| CVE-2017-15949 | high | 7.2 | 7.2 | 9y ago | Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. |