CVEs from 2017
Total
11,660
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0527 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0526 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0525 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High b… | |||
| CVE-2017-0524 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated … | |||
| CVE-2017-0523 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0521 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig… | |||
| CVE-2017-0520 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated… | |||
| CVE-2017-0519 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is … | |||
| CVE-2017-0518 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is … | |||
| CVE-2017-0517 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rat… | |||
| CVE-2017-0516 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rate… | |||
| CVE-2017-0464 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0463 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as… | |||
| CVE-2017-0460 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as… | |||
| CVE-2017-0458 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig… | |||
| CVE-2017-0457 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi… | |||
| CVE-2017-0456 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High b… | |||
| CVE-2017-0453 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-2636 | high | 7.0 | 7.0 | 9y ago | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||
| CVE-2017-6408 | high | 7.0 | 7.0 | 9y ago | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects … | |||
| CVE-2017-6346 | high | 7.0 | 7.0 | 9y ago | Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithread… | |||
| CVE-2017-6001 | high | 7.0 | 7.0 | 9y ago | Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a… | |||
| CVE-2017-0449 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Mode… | |||
| CVE-2017-0447 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig… | |||
| CVE-2017-0446 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig… | |||
| CVE-2017-0445 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig… | |||
| CVE-2017-0444 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High … | |||
| CVE-2017-0443 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0442 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0441 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0440 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0439 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0438 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0437 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0436 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0435 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High… | |||
| CVE-2017-0434 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This is… | |||
| CVE-2017-0433 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This is… | |||
| CVE-2017-0432 | high | 7.0 | 7.0 | 9y ago | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High becau… | |||
| CVE-2017-0404 | high | 7.0 | 7.0 | 10y ago | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hig… | |||
| CVE-2017-0403 | high | 7.0 | 7.0 | 10y ago | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated … | |||
| CVE-2017-5607 | low | 3.5 | 4.5 | 9y ago | Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a… | |||
| CVE-2017-5686 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. | |||
| CVE-2017-5685 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. | |||
| CVE-2017-5684 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | |||
| CVE-2017-9369 | low | 3.8 | 3.8 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to g… | |||
| CVE-2017-3892 | low | 3.8 | 3.8 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating t… | |||
| CVE-2017-10365 | low | 3.8 | 3.8 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high p… | |||
| CVE-2017-4896 | low | 3.8 | 3.8 | 9y ago | Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthoriz… | |||
| CVE-2017-7995 | low | 3.8 | 3.8 | 9y ago | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in th… | |||
| CVE-2017-20200 | low | 3.7 | 3.7 | 8mo ago | A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launch… | |||
| CVE-2017-15321 | low | 3.7 | 3.7 | 9y ago | Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets tran… | |||
| CVE-2017-1497 | low | 3.7 | 3.7 | 9y ago | IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |||
| CVE-2017-1355 | low | 3.7 | 3.7 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, … | |||
| CVE-2017-1341 | low | 3.7 | 3.7 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. | |||
| CVE-2017-17433 | low | 3.7 | 3.7 | 9y ago | The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_f… | |||
| CVE-2017-8822 | low | 3.7 | 3.7 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick th… | |||
| CVE-2017-15528 | low | 3.7 | 3.7 | 9y ago | Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pu… | |||
| CVE-2017-1228 | low | 3.7 | 3.7 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An a… | |||
| CVE-2017-7084 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in o… | |||
| CVE-2017-10341 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to… | |||
| CVE-2017-10166 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult… | |||
| CVE-2017-14595 | low | 3.7 | 3.7 | 9y ago | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | |||
| CVE-2017-10856 | low | 3.7 | 3.7 | 9y ago | SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially … | |||
| CVE-2017-1520 | low | 3.7 | 3.7 | 9y ago | IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |||
| CVE-2017-3650 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticat… | |||
| CVE-2017-2137 | low | 3.7 | 3.7 | 9y ago | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | |||
| CVE-2017-3544 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed… | |||
| CVE-2017-3533 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed… | |||
| CVE-2017-3469 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulne… | |||
| CVE-2017-3467 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unaut… | |||
| CVE-2017-0159 | low | 3.7 | 3.7 | 9y ago | A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, ak… | |||
| CVE-2017-5930 | low | 2.7 | 3.7 | 9y ago | The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch… | |||
| CVE-2017-5865 | low | 3.7 | 3.7 | 9y ago | The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is v… | |||
| CVE-2017-5928 | low | 3.7 | 3.7 | 9y ago | The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the http… | |||
| CVE-2017-3323 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. … | |||
| CVE-2017-3322 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and .… | |||
| CVE-2017-3321 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Di… | |||
| CVE-2017-3259 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allow… | |||
| CVE-2017-1353 | low | 3.5 | 3.5 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 12668… | |||
| CVE-2017-2730 | low | 3.5 | 3.5 | 9y ago | HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these AP… | |||
| CVE-2017-10308 | low | 3.5 | 3.5 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnera… | |||
| CVE-2017-10014 | low | 3.5 | 3.5 | 9y ago | Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vul… | |||
| CVE-2017-5244 | low | 3.5 | 3.5 | 9y ago | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of t… | |||
| CVE-2017-2161 | low | 3.5 | 3.5 | 9y ago | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access re… | |||
| CVE-2017-9139 | low | 3.5 | 3.5 | 9y ago | There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (… | |||
| CVE-2017-0895 | low | 3.5 | 3.5 | 9y ago | Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been… | |||
| CVE-2017-0892 | low | 3.5 | 3.5 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | |||
| CVE-2017-3235 | low | 3.5 | 3.5 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2017-10088 | low | 3.4 | 3.4 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-9856 | low | 3.4 | 3.4 | 9y ago | An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption alg… | |||
| CVE-2017-3590 | low | 3.3 | 3.3 | 4y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows… | |||
| CVE-2017-17864 | low | 3.3 | 3.3 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentia… | |||
| CVE-2017-17807 | low | 3.3 | 3.3 | 9y ago | The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing … | |||
| CVE-2017-1270 | low | 3.3 | 3.3 | 9y ago | IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki… | |||
| CVE-2017-1261 | low | 3.3 | 3.3 | 9y ago | IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | |||
| CVE-2017-15530 | low | 3.3 | 3.3 | 9y ago | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first… | |||
| CVE-2017-1716 | low | 3.3 | 3.3 | 9y ago | IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. | |||
| CVE-2017-2701 | low | 3.3 | 3.3 | 9y ago | Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting… | |||
| CVE-2017-2694 | low | 3.3 | 3.3 | 9y ago | The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious appl… |