CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2962 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization funct… | |||
| CVE-2017-2961 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functio… | |||
| CVE-2017-2960 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to pa… | |||
| CVE-2017-2959 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsin… | |||
| CVE-2017-2958 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitatio… | |||
| CVE-2017-2957 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaborati… | |||
| CVE-2017-2956 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulatio… | |||
| CVE-2017-2955 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitatio… | |||
| CVE-2017-2954 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling … | |||
| CVE-2017-2953 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processin… | |||
| CVE-2017-2952 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module rela… | |||
| CVE-2017-2951 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functiona… | |||
| CVE-2017-2950 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionali… | |||
| CVE-2017-2949 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could… | |||
| CVE-2017-2948 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful explo… | |||
| CVE-2017-2946 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic … | |||
| CVE-2017-2945 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploit… | |||
| CVE-2017-2944 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Succes… | |||
| CVE-2017-2943 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successf… | |||
| CVE-2017-2942 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful explo… | |||
| CVE-2017-2941 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Suc… | |||
| CVE-2017-2940 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful e… | |||
| CVE-2017-2939 | high | 7.8 | 7.8 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference t… | |||
| CVE-2017-0003 | high | 7.8 | 7.8 | 10y ago | Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2017-11823 | medium | 6.7 | 7.7 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso… | |||
| CVE-2017-12423 | high | 7.7 | 7.7 | 9y ago | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | |||
| CVE-2017-10091 | high | 7.7 | 7.7 | 9y ago | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.… | |||
| CVE-2017-10000 | high | 7.7 | 7.7 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easil… | |||
| CVE-2017-3516 | high | 7.7 | 7.7 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" v… | |||
| CVE-2017-3511 | high | 7.7 | 7.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JR… | |||
| CVE-2017-3309 | high | 7.7 | 7.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. … | |||
| CVE-2017-3308 | high | 7.7 | 7.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily… | |||
| CVE-2017-6610 | high | 7.7 | 7.7 | 9y ago | A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerabilit… | |||
| CVE-2017-6609 | high | 7.7 | 7.7 | 9y ago | A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malform… | |||
| CVE-2017-7566 | high | 7.7 | 7.7 | 9y ago | MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | |||
| CVE-2017-6516 | medium | 6.7 | 7.7 | 9y ago | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-… | |||
| CVE-2017-7154 | medium | 6.6 | 7.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows lo… | |||
| CVE-2017-0301 | high | 7.6 | 7.6 | 9y ago | In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in … | |||
| CVE-2017-11885 | medium | 6.6 | 7.6 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |||
| CVE-2017-10232 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploi… | |||
| CVE-2017-10130 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Management). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12… | |||
| CVE-2017-10119 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: OSB Web Console Design, Admin). The supported version that is affected is 11.1.1.9.0. Easily exploitable v… | |||
| CVE-2017-10059 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Mobile Service). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows l… | |||
| CVE-2017-10041 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable … | |||
| CVE-2017-10001 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 1.7.1. Easily exploitable v… | |||
| CVE-2017-0212 | high | 7.6 | 7.6 | 9y ago | Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows H… | |||
| CVE-2017-3596 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3254 | high | 7.6 | 7.6 | 9y ago | Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 12.0 and 13.0. Easily "exploitable" vuln… | |||
| CVE-2017-7938 | medium | 6.6 | 7.6 | 9y ago | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |||
| CVE-2017-0181 | high | 7.6 | 7.6 | 9y ago | A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user… | |||
| CVE-2017-0180 | high | 7.6 | 7.6 | 9y ago | A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka … | |||
| CVE-2017-0163 | high | 7.6 | 7.6 | 9y ago | A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka … | |||
| CVE-2017-0162 | high | 7.6 | 7.6 | 9y ago | A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly val… | |||
| CVE-2017-0109 | high | 7.6 | 7.6 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gu… | |||
| CVE-2017-0095 | high | 7.6 | 7.6 | 9y ago | Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V… | |||
| CVE-2017-0075 | high | 7.6 | 7.6 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gu… | |||
| CVE-2017-5165 | high | 7.6 | 7.6 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vu… | |||
| CVE-2017-3330 | high | 7.6 | 7.6 | 10y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged… | |||
| CVE-2017-14696 | high | 7.5 | 7.5 | 4y ago | SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||
| CVE-2017-14033 | high | 7.5 | 7.5 | 4y ago | Ruby OpenSSL DoS Vulnerability | |||
| CVE-2017-5936 | high | 7.5 | 7.5 | 4y ago | OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restriction… | |||
| CVE-2017-1000026 | high | 7.5 | 7.5 | 4y ago | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | |||
| CVE-2017-12626 | high | 7.5 | 7.5 | 6y ago | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Me… | |||
| CVE-2017-16932 | high | 7.5 | 7.5 | 9y ago | Nokogiri gem, via libxml, is affected by DoS vulnerabilities | |||
| CVE-2017-17997 | high | 7.5 | 7.5 | 9y ago | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar… | |||
| CVE-2017-17901 | high | 7.5 | 7.5 | 9y ago | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | |||
| CVE-2017-17935 | high | 7.5 | 7.5 | 9y ago | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflo… | |||
| CVE-2017-17898 | high | 7.5 | 7.5 | 9y ago | Dolibarr sensitive information disclosure | |||
| CVE-2017-17850 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must… | |||
| CVE-2017-17848 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a … | |||
| CVE-2017-17847 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the enti… | |||
| CVE-2017-17846 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. | |||
| CVE-2017-12741 | high | 7.5 | 7.5 | 9y ago | Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. | |||
| CVE-2017-13903 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the … | |||
| CVE-2017-13874 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection me… | |||
| CVE-2017-13871 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/… | |||
| CVE-2017-14022 | high | 7.5 | 7.5 | 9y ago | An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with Fact… | |||
| CVE-2017-15328 | high | 7.5 | 7.5 | 9y ago | Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the priv… | |||
| CVE-2017-15324 | high | 7.5 | 7.5 | 9y ago | Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnera… | |||
| CVE-2017-15320 | high | 7.5 | 7.5 | 9y ago | RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou… | |||
| CVE-2017-15319 | high | 7.5 | 7.5 | 9y ago | RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou… | |||
| CVE-2017-15318 | high | 7.5 | 7.5 | 9y ago | RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou… | |||
| CVE-2017-15317 | high | 7.5 | 7.5 | 9y ago | AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R0… | |||
| CVE-2017-10908 | high | 7.5 | 7.5 | 9y ago | H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. | |||
| CVE-2017-10869 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. | |||
| CVE-2017-10868 | high | 7.5 | 7.5 | 9y ago | H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | |||
| CVE-2017-6167 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being execute… | |||
| CVE-2017-6151 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers … | |||
| CVE-2017-6140 | high | 7.5 | 7.5 | 9y ago | On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 1… | |||
| CVE-2017-6138 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profil… | |||
| CVE-2017-6135 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP … | |||
| CVE-2017-6133 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. | |||
| CVE-2017-6132 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of… | |||
| CVE-2017-6129 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow no… | |||
| CVE-2017-17818 | high | 7.5 | 7.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. | |||
| CVE-2017-14385 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior t… | |||
| CVE-2017-1598 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | |||
| CVE-2017-17793 | high | 7.5 | 7.5 | 9y ago | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read… | |||
| CVE-2017-17783 | high | 7.5 | 7.5 | 9y ago | In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | |||
| CVE-2017-17763 | high | 7.5 | 7.5 | 9y ago | SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to sen… |