CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8383 | medium | 5.3 | 5.3 | 9y ago | Craft CMS Unauthorized View | |||
| CVE-2017-2150 | medium | 5.3 | 5.3 | 9y ago | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | |||
| CVE-2017-2143 | medium | 5.3 | 5.3 | 9y ago | CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a c… | |||
| CVE-2017-2139 | medium | 5.3 | 5.3 | 9y ago | CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction… | |||
| CVE-2017-8301 | medium | 5.3 | 5.3 | 9y ago | LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callbac… | |||
| CVE-2017-1170 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230. | |||
| CVE-2017-8217 | medium | 5.3 | 5.3 | 9y ago | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | |||
| CVE-2017-8115 | medium | 5.3 | 5.3 | 9y ago | Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | |||
| CVE-2017-8057 | medium | 5.3 | 5.3 | 9y ago | In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. | |||
| CVE-2017-7988 | medium | 5.3 | 5.3 | 9y ago | In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. | |||
| CVE-2017-7983 | medium | 5.3 | 5.3 | 9y ago | In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | |||
| CVE-2017-3585 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface subsystem). The supported version that is affected is AK 2013. Eas… | |||
| CVE-2017-3567 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having… | |||
| CVE-2017-3556 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 an… | |||
| CVE-2017-3527 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable"… | |||
| CVE-2017-3502 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily "exploitable" vul… | |||
| CVE-2017-3470 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily "exploitab… | |||
| CVE-2017-3305 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vul… | |||
| CVE-2017-8104 | medium | 5.3 | 5.3 | 9y ago | In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | |||
| CVE-2017-1000360 | medium | 5.3 | 5.3 | 9y ago | OpenDaylight NULL Pointer Dereference | |||
| CVE-2017-1000359 | medium | 5.3 | 5.3 | 9y ago | Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. | |||
| CVE-2017-2340 | medium | 5.3 | 5.3 | 9y ago | On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in… | |||
| CVE-2017-2324 | medium | 5.3 | 5.3 | 9y ago | A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service … | |||
| CVE-2017-8078 | medium | 5.3 | 5.3 | 9y ago | On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8056 | medium | 5.3 | 5.3 | 9y ago | WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends… | |||
| CVE-2017-8055 | medium | 5.3 | 5.3 | 9y ago | WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier retu… | |||
| CVE-2017-5160 | medium | 5.3 | 5.3 | 9y ago | An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security witho… | |||
| CVE-2017-5653 | medium | 5.3 | 5.3 | 9y ago | Improper Certificate Validation in Apache CXF | |||
| CVE-2017-7627 | medium | 5.3 | 5.3 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check). | |||
| CVE-2017-7345 | medium | 5.3 | 5.3 | 9y ago | NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service t… | |||
| CVE-2017-6599 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to… | |||
| CVE-2017-1180 | medium | 5.3 | 5.3 | 9y ago | The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084. | |||
| CVE-2017-2414 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic c… | |||
| CVE-2017-2400 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leverag… | |||
| CVE-2017-2391 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are af… | |||
| CVE-2017-5184 | medium | 5.3 | 5.3 | 9y ago | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | |||
| CVE-2017-1143 | medium | 5.3 | 5.3 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could… | |||
| CVE-2017-5238 | medium | 5.3 | 5.3 | 9y ago | Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. | |||
| CVE-2017-2643 | medium | 5.3 | 5.3 | 9y ago | Moodle Global search displays user names for unauthenticated users | |||
| CVE-2017-7264 | medium | 5.3 | 5.3 | 9y ago | Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unsp… | |||
| CVE-2017-6356 | medium | 5.3 | 5.3 | 9y ago | Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via … | |||
| CVE-2017-3879 | medium | 5.3 | 5.3 | 9y ago | A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a pro… | |||
| CVE-2017-3878 | medium | 5.3 | 5.3 | 9y ago | A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause… | |||
| CVE-2017-3875 | medium | 5.3 | 5.3 | 9y ago | An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypas… | |||
| CVE-2017-3867 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote… | |||
| CVE-2017-3815 | medium | 5.3 | 5.3 | 9y ago | An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerabil… | |||
| CVE-2017-6370 | medium | 5.3 | 5.3 | 9y ago | TYPO3 Information Disclosure Vulnerability | |||
| CVE-2017-6955 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immut… | |||
| CVE-2017-0128 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0127 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0126 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0125 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0124 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0123 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0122 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0121 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0120 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0119 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0118 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0117 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0116 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0115 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0114 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0113 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0112 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0111 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0092 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0091 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0085 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0043 | medium | 5.3 | 5.3 | 9y ago | Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive … | |||
| CVE-2017-5537 | medium | 5.3 | 5.3 | 9y ago | The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate use… | |||
| CVE-2017-3842 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information store… | |||
| CVE-2017-6072 | medium | 5.3 | 5.3 | 9y ago | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | |||
| CVE-2017-6071 | medium | 5.3 | 5.3 | 9y ago | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. | |||
| CVE-2017-0423 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitat… | |||
| CVE-2017-3822 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the aud… | |||
| CVE-2017-3806 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to injec… | |||
| CVE-2017-5610 | medium | 5.3 | 5.3 | 10y ago | wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypas… | |||
| CVE-2017-3311 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0… | |||
| CVE-2017-3297 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficul… | |||
| CVE-2017-3262 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauth… | |||
| CVE-2017-3805 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without au… | |||
| CVE-2017-3797 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCv… | |||
| CVE-2017-5541 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder… | |||
| CVE-2017-2576 | medium | 5.3 | 5.3 | 10y ago | Moodle Incorrect sanitation of attributes in forums | |||
| CVE-2017-5491 | medium | 5.3 | 5.3 | 10y ago | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | |||
| CVE-2017-10209 | medium | 5.2 | 5.2 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-17556 | medium | 5.1 | 5.1 | 9y ago | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | |||
| CVE-2017-10419 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnera… | |||
| CVE-2017-10054 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily expl… | |||
| CVE-2017-6706 | medium | 5.1 | 5.1 | 9y ago | A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd072… | |||
| CVE-2017-3505 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3504 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-12297 | medium | 5.0 | 5.0 | 9y ago | A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due… | |||
| CVE-2017-1340 | medium | 5.0 | 5.0 | 9y ago | IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. | |||
| CVE-2017-15874 | medium | 5.0 | 5.0 | 9y ago | archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | |||
| CVE-2017-10428 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows… | |||
| CVE-2017-10275 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitabl… | |||
| CVE-2017-10033 | medium | 4.0 | 5.0 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to explo… | |||
| CVE-2017-10617 | medium | 5.0 | 5.0 | 9y ago | The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks… |