CVEs from 2017
Total
11,651
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16687 | medium | 5.3 | 5.3 | 9y ago | The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid use… | |||
| CVE-2017-17553 | medium | 5.3 | 5.3 | 9y ago | The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malici… | |||
| CVE-2017-1613 | medium | 5.3 | 5.3 | 9y ago | IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. | |||
| CVE-2017-1548 | medium | 5.3 | 5.3 | 9y ago | IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view… | |||
| CVE-2017-15943 | medium | 5.3 | 5.3 | 9y ago | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before … | |||
| CVE-2017-11301 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11300 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11299 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11298 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11297 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-13165 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. | |||
| CVE-2017-14905 | medium | 5.3 | 5.3 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can oc… | |||
| CVE-2017-14903 | medium | 5.3 | 5.3 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload… | |||
| CVE-2017-12080 | medium | 5.3 | 5.3 | 9y ago | An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information… | |||
| CVE-2017-3764 | medium | 5.3 | 5.3 | 9y ago | A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. N… | |||
| CVE-2017-12363 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficien… | |||
| CVE-2017-12355 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS … | |||
| CVE-2017-12354 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnera… | |||
| CVE-2017-8031 | medium | 5.3 | 5.3 | 9y ago | Cloud Foundry UAA Denial of Service through client token revocation endpoint | |||
| CVE-2017-8213 | medium | 5.3 | 5.3 | 9y ago | Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an inp… | |||
| CVE-2017-8177 | medium | 5.3 | 5.3 | 9y ago | Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Su… | |||
| CVE-2017-8121 | medium | 5.3 | 5.3 | 9y ago | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||
| CVE-2017-2720 | medium | 5.3 | 5.3 | 9y ago | FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increa… | |||
| CVE-2017-2712 | medium | 5.3 | 5.3 | 9y ago | S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them t… | |||
| CVE-2017-13702 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. | |||
| CVE-2017-1000211 | medium | 5.3 | 5.3 | 9y ago | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. | |||
| CVE-2017-1000226 | medium | 5.3 | 5.3 | 9y ago | Stop User Enumeration 1.3.8 allows user enumeration via the REST API | |||
| CVE-2017-1000246 | medium | 5.3 | 5.3 | 9y ago | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | |||
| CVE-2017-0860 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064. | |||
| CVE-2017-0851 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570. | |||
| CVE-2017-0850 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. | |||
| CVE-2017-0849 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. | |||
| CVE-2017-0848 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. | |||
| CVE-2017-11022 | medium | 5.3 | 5.3 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which… | |||
| CVE-2017-12309 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the… | |||
| CVE-2017-12303 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to byp… | |||
| CVE-2017-12299 | medium | 5.3 | 5.3 | 9y ago | A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker t… | |||
| CVE-2017-15272 | medium | 5.3 | 5.3 | 9y ago | The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "… | |||
| CVE-2017-8812 | medium | 5.3 | 5.3 | 9y ago | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | |||
| CVE-2017-12737 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected … | |||
| CVE-2017-11834 | medium | 5.3 | 5.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv… | |||
| CVE-2017-10266 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi… | |||
| CVE-2017-16754 | medium | 5.3 | 5.3 | 9y ago | Bolt Improper Access Control | |||
| CVE-2017-16673 | medium | 5.3 | 5.3 | 9y ago | Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this … | |||
| CVE-2017-12083 | medium | 5.3 | 5.3 | 9y ago | An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump stri… | |||
| CVE-2017-12295 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain inf… | |||
| CVE-2017-1333 | medium | 5.3 | 5.3 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force … | |||
| CVE-2017-1148 | medium | 5.3 | 5.3 | 9y ago | IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attack… | |||
| CVE-2017-1000122 | medium | 5.3 | 5.3 | 9y ago | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release… | |||
| CVE-2017-6161 | medium | 5.3 | 5.3 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSy… | |||
| CVE-2017-5107 | medium | 5.3 | 5.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5061 | medium | 5.3 | 5.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1230 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attacke… | |||
| CVE-2017-1225 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs v… | |||
| CVE-2017-1220 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID… | |||
| CVE-2017-15906 | medium | 5.3 | 5.3 | 9y ago | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |||
| CVE-2017-9947 | medium | 5.3 | 5.3 | 9y ago | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with netw… | |||
| CVE-2017-7147 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive a… | |||
| CVE-2017-7146 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that le… | |||
| CVE-2017-7145 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location dat… | |||
| CVE-2017-7142 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protectio… | |||
| CVE-2017-7141 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load rem… | |||
| CVE-2017-7140 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading k… | |||
| CVE-2017-7078 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sens… | |||
| CVE-2017-2131 | medium | 5.3 | 5.3 | 9y ago | Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | |||
| CVE-2017-10383 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Interface). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitab… | |||
| CVE-2017-10357 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded… | |||
| CVE-2017-10350 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easil… | |||
| CVE-2017-10349 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. … | |||
| CVE-2017-10348 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u… | |||
| CVE-2017-10347 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. … | |||
| CVE-2017-10342 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily explo… | |||
| CVE-2017-10336 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-10331 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.… | |||
| CVE-2017-10324 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 1… | |||
| CVE-2017-10322 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 1… | |||
| CVE-2017-10319 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10300 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulne… | |||
| CVE-2017-10283 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult t… | |||
| CVE-2017-10281 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE… | |||
| CVE-2017-10264 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10203 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unau… | |||
| CVE-2017-10154 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerabil… | |||
| CVE-2017-10066 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 1… | |||
| CVE-2017-12285 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Travers… | |||
| CVE-2017-13088 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response fra… | |||
| CVE-2017-13087 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowin… | |||
| CVE-2017-13081 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio ran… | |||
| CVE-2017-13080 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points… | |||
| CVE-2017-13079 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio rang… | |||
| CVE-2017-13078 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points … | |||
| CVE-2017-15300 | medium | 5.3 | 5.3 | 9y ago | The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Ser… | |||
| CVE-2017-10621 | medium | 5.3 | 5.3 | 9y ago | A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior t… | |||
| CVE-2017-10616 | medium | 5.3 | 5.3 | 9y ago | The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior … | |||
| CVE-2017-15014 | medium | 4.3 | 5.3 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardl… | |||
| CVE-2017-8715 | medium | 5.3 | 5.3 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows… | |||
| CVE-2017-11815 | medium | 5.3 | 5.3 | 9y ago | The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and… | |||
| CVE-2017-12849 | medium | 5.3 | 5.3 | 9y ago | Silverstripe CMS User Enumeration | |||
| CVE-2017-10862 | medium | 5.3 | 5.3 | 9y ago | Insufficient Data Verification in io.really:jwt-scala | |||
| CVE-2017-9273 | medium | 5.3 | 5.3 | 9y ago | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. |