CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15935 | high | 7.2 | 7.2 | 9y ago | Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | |||
| CVE-2017-15933 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to … | |||
| CVE-2017-12160 | high | 7.2 | 7.2 | 9y ago | Keycloak Oauth Implementation Error | |||
| CVE-2017-7341 | high | 7.2 | 7.2 | 9y ago | An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an … | |||
| CVE-2017-15880 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name paramet… | |||
| CVE-2017-10362 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Sawbridge). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploita… | |||
| CVE-2017-14958 | high | 7.2 | 7.2 | 9y ago | lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | |||
| CVE-2017-14602 | high | 7.2 | 7.2 | 9y ago | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e… | |||
| CVE-2017-11396 | high | 7.2 | 7.2 | 9y ago | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the … | |||
| CVE-2017-14141 | high | 7.2 | 7.2 | 9y ago | The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a craft… | |||
| CVE-2017-1002025 | high | 7.2 | 7.2 | 9y ago | Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | |||
| CVE-2017-14405 | high | 7.2 | 7.2 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||
| CVE-2017-12977 | high | 7.2 | 7.2 | 9y ago | The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in a… | |||
| CVE-2017-12947 | high | 7.2 | 7.2 | 9y ago | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable … | |||
| CVE-2017-12946 | high | 7.2 | 7.2 | 9y ago | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by… | |||
| CVE-2017-12756 | high | 7.2 | 7.2 | 9y ago | Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter. | |||
| CVE-2017-10031 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)). Supported versions that are affected are 3.0 and 3.0.1. Easil… | |||
| CVE-2017-6746 | high | 7.2 | 7.2 | 9y ago | A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker … | |||
| CVE-2017-2276 | high | 7.2 | 7.2 | 9y ago | Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | |||
| CVE-2017-2275 | high | 7.2 | 7.2 | 9y ago | WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-11466 | high | 7.2 | 7.2 | 9y ago | Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via… | |||
| CVE-2017-8004 | high | 7.2 | 7.2 | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle … | |||
| CVE-2017-2851 | high | 7.2 | 7.2 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. | |||
| CVE-2017-4988 | high | 7.2 | 7.2 | 9y ago | EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected syste… | |||
| CVE-2017-4991 | high | 7.2 | 7.2 | 9y ago | Cloud Foundry UAA password reset vulnerability | |||
| CVE-2017-3134 | high | 7.2 | 7.2 | 9y ago | An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | |||
| CVE-2017-3980 | high | 7.2 | 7.2 | 9y ago | A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choic… | |||
| CVE-2017-2141 | high | 7.2 | 7.2 | 9y ago | WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-2120 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-3531 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). Supported versions that are affected are 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. … | |||
| CVE-2017-3486 | high | 7.2 | 7.2 | 9y ago | Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker h… | |||
| CVE-2017-6183 | high | 7.2 | 7.2 | 9y ago | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NS… | |||
| CVE-2017-7290 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An … | |||
| CVE-2017-6578 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscri… | |||
| CVE-2017-6577 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | |||
| CVE-2017-6576 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter:… | |||
| CVE-2017-6575 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member… | |||
| CVE-2017-6574 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter… | |||
| CVE-2017-6573 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | |||
| CVE-2017-6572 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_… | |||
| CVE-2017-6571 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: i… | |||
| CVE-2017-6570 | high | 7.2 | 7.2 | 9y ago | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Paramet… | |||
| CVE-2017-6492 | high | 7.2 | 7.2 | 9y ago | SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | |||
| CVE-2017-5230 | high | 7.2 | 7.2 | 9y ago | The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides sto… | |||
| CVE-2017-5161 | high | 7.2 | 7.2 | 9y ago | An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path … | |||
| CVE-2017-3796 | high | 7.2 | 7.2 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Relea… | |||
| CVE-2017-5347 | high | 7.2 | 7.2 | 10y ago | SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/ind… | |||
| CVE-2017-5346 | high | 7.2 | 7.2 | 10y ago | GeniXCMS SQL injection vulnerability | |||
| CVE-2017-15309 | high | 7.1 | 7.1 | 9y ago | Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious f… | |||
| CVE-2017-17752 | medium | 6.1 | 7.1 | 9y ago | Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.… | |||
| CVE-2017-17649 | medium | 6.1 | 7.1 | 9y ago | Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | |||
| CVE-2017-17737 | medium | 6.1 | 7.1 | 9y ago | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | |||
| CVE-2017-1760 | high | 7.1 | 7.1 | 9y ago | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. | |||
| CVE-2017-16884 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | |||
| CVE-2017-16962 | medium | 6.1 | 7.1 | 9y ago | The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf… | |||
| CVE-2017-8153 | high | 7.1 | 7.1 | 9y ago | Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send… | |||
| CVE-2017-2735 | high | 7.1 | 7.1 | 9y ago | TIT-AL00 smartphones with software versions before TIT-AL00C583B214 have an exposed system interface vulnerability. The software provides a system interface for interaction with external appli… | |||
| CVE-2017-2707 | high | 7.1 | 7.1 | 9y ago | Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could… | |||
| CVE-2017-2706 | high | 7.1 | 7.1 | 9y ago | Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are … | |||
| CVE-2017-16899 | high | 7.1 | 7.1 | 9y ago | An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to… | |||
| CVE-2017-16841 | medium | 6.1 | 7.1 | 9y ago | LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | |||
| CVE-2017-16836 | medium | 6.1 | 7.1 | 9y ago | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||
| CVE-2017-13831 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a … | |||
| CVE-2017-13820 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process me… | |||
| CVE-2017-15878 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting in keystone | |||
| CVE-2017-12613 | high | 7.1 | 7.1 | 9y ago | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting t… | |||
| CVE-2017-15687 | medium | 6.1 | 7.1 | 9y ago | DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | |||
| CVE-2017-7089 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all… | |||
| CVE-2017-15291 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi… | |||
| CVE-2017-15646 | medium | 6.1 | 7.1 | 9y ago | Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After set… | |||
| CVE-2017-10363 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.… | |||
| CVE-2017-10353 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vul… | |||
| CVE-2017-10312 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows… | |||
| CVE-2017-15374 | medium | 6.1 | 7.1 | 9y ago | Shopware XSS Vulnerability | |||
| CVE-2017-15287 | medium | 6.1 | 7.1 | 9y ago | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||
| CVE-2017-13722 | high | 7.1 | 7.1 | 9y ago | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xser… | |||
| CVE-2017-13720 | high | 7.1 | 7.1 | 9y ago | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of f… | |||
| CVE-2017-5701 | high | 7.1 | 7.1 | 9y ago | Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary… | |||
| CVE-2017-14620 | medium | 6.1 | 7.1 | 9y ago | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||
| CVE-2017-12154 | high | 7.1 | 7.1 | 9y ago | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omi… | |||
| CVE-2017-12215 | high | 7.1 | 7.1 | 9y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to … | |||
| CVE-2017-14619 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | |||
| CVE-2017-3133 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | |||
| CVE-2017-3132 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToke… | |||
| CVE-2017-12699 | high | 7.1 | 7.1 | 9y ago | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with m… | |||
| CVE-2017-0778 | high | 7.1 | 7.1 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. | |||
| CVE-2017-14219 | medium | 6.1 | 7.1 | 9y ago | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu… | |||
| CVE-2017-14126 | medium | 6.1 | 7.1 | 9y ago | The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | |||
| CVE-2017-9979 | medium | 6.1 | 7.1 | 9y ago | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to… | |||
| CVE-2017-12971 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | |||
| CVE-2017-12984 | medium | 6.1 | 7.1 | 9y ago | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | |||
| CVE-2017-6767 | high | 7.1 | 7.1 | 9y ago | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be… | |||
| CVE-2017-10226 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9… | |||
| CVE-2017-10125 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physi… | |||
| CVE-2017-10085 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-11320 | medium | 6.1 | 7.1 | 9y ago | Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | |||
| CVE-2017-11355 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) … | |||
| CVE-2017-1382 | high | 7.1 | 7.1 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker c… | |||
| CVE-2017-11472 | high | 7.1 | 7.1 | 9y ago | The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain s… | |||
| CVE-2017-9813 | medium | 6.1 | 7.1 | 9y ago | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc… |