CVEs from 2017

- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top vendors

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12267 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA… | |||
| CVE-2017-12264 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficie… | |||
| CVE-2017-9628 | medium | 5.3 | 5.3 | 9y ago | An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames… | |||
| CVE-2017-1000105 | medium | 5.3 | 5.3 | 9y ago | Missing Authorization in Jenkins Blue Ocean Plugin | |||
| CVE-2017-1000089 | medium | 5.3 | 5.3 | 9y ago | Jenkins Build Step Plugin fails to check Item/Build permission | |||
| CVE-2017-1126 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Forc… | |||
| CVE-2017-13991 | medium | 5.3 | 5.3 | 9y ago | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | |||
| CVE-2017-13990 | medium | 5.3 | 5.3 | 9y ago | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | |||
| CVE-2017-14748 | medium | 5.3 | 5.3 | 9y ago | Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific t… | |||
| CVE-2017-9960 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should b… | |||
| CVE-2017-12250 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related proces… | |||
| CVE-2017-14513 | medium | 5.3 | 5.3 | 9y ago | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/p… | |||
| CVE-2017-1490 | medium | 5.3 | 5.3 | 9y ago | An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | |||
| CVE-2017-8746 | medium | 5.3 | 5.3 | 9y ago | Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "De… | |||
| CVE-2017-8716 | medium | 5.3 | 5.3 | 9y ago | Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles … | |||
| CVE-2017-8713 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulner… | |||
| CVE-2017-8712 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated… | |||
| CVE-2017-8711 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user o… | |||
| CVE-2017-8707 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an i… | |||
| CVE-2017-8706 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from … | |||
| CVE-2017-8704 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a gu… | |||
| CVE-2017-8695 | medium | 5.3 | 5.3 | 9y ago | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Off… | |||
| CVE-2017-11761 | medium | 5.3 | 5.3 | 9y ago | Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Mi… | |||
| CVE-2017-14231 | medium | 5.3 | 5.3 | 9y ago | GeniXCMS denial of service (account blockage) | |||
| CVE-2017-5147 | medium | 5.3 | 5.3 | 9y ago | An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malici… | |||
| CVE-2017-12217 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, rem… | |||
| CVE-2017-12211 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of … | |||
| CVE-2017-3735 | medium | 5.3 | 5.3 | 9y ago | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been pres… | |||
| CVE-2017-12709 | medium | 5.3 | 5.3 | 9y ago | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials,… | |||
| CVE-2017-8446 | medium | 5.3 | 5.3 | 9y ago | Improper Privilege Management in X-Pack | |||
| CVE-2017-6784 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could us… | |||
| CVE-2017-6781 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affect… | |||
| CVE-2017-9662 | medium | 5.3 | 5.3 | 9y ago | An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by def… | |||
| CVE-2017-8644 | medium | 4.3 | 5.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi… | |||
| CVE-2017-8637 | medium | 5.3 | 5.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler,… | |||
| CVE-2017-3637 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privil… | |||
| CVE-2017-3636 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vul… | |||
| CVE-2017-3635 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low… | |||
| CVE-2017-3529 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low pri… | |||
| CVE-2017-10244 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12… | |||
| CVE-2017-10207 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerabilit… | |||
| CVE-2017-10192 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2… | |||
| CVE-2017-10186 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2… | |||
| CVE-2017-10184 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 an… | |||
| CVE-2017-10117 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo… | |||
| CVE-2017-10109 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em… | |||
| CVE-2017-10108 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em… | |||
| CVE-2017-10093 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10069 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability al… | |||
| CVE-2017-10062 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability all… | |||
| CVE-2017-10053 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u1… | |||
| CVE-2017-10045 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Difficult to… | |||
| CVE-2017-9494 | medium | 5.3 | 5.3 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | |||
| CVE-2017-9491 | medium | 5.3 | 5.3 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmw… | |||
| CVE-2017-7006 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-9339 | medium | 5.3 | 5.3 | 9y ago | A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowin… | |||
| CVE-2017-7685 | medium | 5.3 | 5.3 | 9y ago | Apache OpenMeetings responds to insecure HTTP methods | |||
| CVE-2017-10604 | medium | 5.3 | 5.3 | 9y ago | When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the r… | |||
| CVE-2017-6730 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected syst… | |||
| CVE-2017-6727 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition … | |||
| CVE-2017-2239 | medium | 5.3 | 5.3 | 9y ago | Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. | |||
| CVE-2017-6721 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to rest… | |||
| CVE-2017-6040 | medium | 5.3 | 5.3 | 9y ago | An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously. | |||
| CVE-2017-6032 | medium | 5.3 | 5.3 | 9y ago | A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-f… | |||
| CVE-2017-1328 | medium | 5.3 | 5.3 | 9y ago | IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker… | |||
| CVE-2017-1117 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. | |||
| CVE-2017-3215 | medium | 5.3 | 5.3 | 9y ago | The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions. | |||
| CVE-2017-0219 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker… | |||
| CVE-2017-0218 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker… | |||
| CVE-2017-0216 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malici… | |||
| CVE-2017-0215 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Wi… | |||
| CVE-2017-0173 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Wi… | |||
| CVE-2017-4986 | medium | 5.3 | 5.3 | 9y ago | EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-9502 | medium | 5.3 | 5.3 | 9y ago | In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL witho… | |||
| CVE-2017-9434 | medium | 5.3 | 5.3 | 9y ago | Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | |||
| CVE-2017-6039 | medium | 5.3 | 5.3 | 9y ago | A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. | |||
| CVE-2017-2311 | medium | 5.3 | 5.3 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. | |||
| CVE-2017-2310 | medium | 5.3 | 5.3 | 9y ago | A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. | |||
| CVE-2017-1292 | medium | 5.3 | 5.3 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | |||
| CVE-2017-6647 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected syste… | |||
| CVE-2017-6646 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vu… | |||
| CVE-2017-6645 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an a… | |||
| CVE-2017-6644 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerab… | |||
| CVE-2017-6643 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected sy… | |||
| CVE-2017-6642 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerab… | |||
| CVE-2017-6630 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. … | |||
| CVE-2017-4017 | medium | 5.3 | 5.3 | 9y ago | User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | |||
| CVE-2017-4016 | medium | 5.3 | 5.3 | 9y ago | Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | |||
| CVE-2017-4013 | medium | 5.3 | 5.3 | 9y ago | Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | |||
| CVE-2017-7490 | medium | 5.3 | 5.3 | 9y ago | Moodle Unauthorized searching of arbitrary blogs by typing full url | |||
| CVE-2017-0256 | medium | 5.3 | 5.3 | 9y ago | Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc | |||
| CVE-2017-0241 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and a… | |||
| CVE-2017-0302 | medium | 5.3 | 5.3 | 9y ago | In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the req… | |||
| CVE-2017-6629 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected devi… | |||
| CVE-2017-6626 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve informatio… | |||
| CVE-2017-6624 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a conf… | |||
| CVE-2017-8459 | medium | 5.3 | 5.3 | 9y ago | Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have le… | |||
| CVE-2017-7428 | medium | 5.3 | 5.3 | 9y ago | NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | |||
| CVE-2017-8388 | medium | 5.3 | 5.3 | 9y ago | GeniXCMS Mailbox validation logic vulnerability | |||
| CVE-2017-8385 | medium | 5.3 | 5.3 | 9y ago | Craft CMS subject to URL forgery |