CVEs from 2017

- Total: 11,657
- critical: 1,650
- high: 5,043
- medium: 4,169
- low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14018 | medium | 4.8 | 4.8 | 9y ago | An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used b… | |||
| CVE-2017-13700 | medium | 4.8 | 4.8 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | |||
| CVE-2017-1000213 | medium | 4.8 | 4.8 | 9y ago | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | |||
| CVE-2017-16842 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script o… | |||
| CVE-2017-16758 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web … | |||
| CVE-2017-16569 | medium | 4.8 | 4.8 | 9y ago | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||
| CVE-2017-15039 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||
| CVE-2017-1000144 | medium | 4.8 | 4.8 | 9y ago | Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, w… | |||
| CVE-2017-1000132 | medium | 4.8 | 4.8 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to do… | |||
| CVE-2017-15948 | medium | 4.8 | 4.8 | 9y ago | Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admi… | |||
| CVE-2017-15911 | medium | 4.8 | 4.8 | 9y ago | Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console | |||
| CVE-2017-15881 | medium | 4.8 | 4.8 | 9y ago | Cross-Site Scripting in keystone | |||
| CVE-2017-15872 | medium | 4.8 | 4.8 | 9y ago | phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | |||
| CVE-2017-15728 | medium | 4.8 | 4.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | |||
| CVE-2017-10386 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily explo… | |||
| CVE-2017-10161 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services Security). Supported versions that are affected are 6.1.3.0 and 6.2… | |||
| CVE-2017-15188 | medium | 4.8 | 4.8 | 9y ago | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array par… | |||
| CVE-2017-15008 | medium | 4.8 | 4.8 | 9y ago | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | |||
| CVE-2017-9537 | medium | 4.8 | 4.8 | 9y ago | Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various v… | |||
| CVE-2017-14983 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object paramet… | |||
| CVE-2017-14651 | medium | 4.8 | 4.8 | 9y ago | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | |||
| CVE-2017-14597 | medium | 4.8 | 4.8 | 9y ago | AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | |||
| CVE-2017-12844 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user n… | |||
| CVE-2017-10149 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.… | |||
| CVE-2017-10063 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Dif… | |||
| CVE-2017-12572 | medium | 4.8 | 4.8 | 9y ago | Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrat… | |||
| CVE-2017-3742 | medium | 4.8 | 4.8 | 9y ago | In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for th… | |||
| CVE-2017-8000 | medium | 4.8 | 4.8 | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database… | |||
| CVE-2017-2146 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. | |||
| CVE-2017-9836 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating… | |||
| CVE-2017-9452 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2017-9366 | medium | 4.8 | 4.8 | 9y ago | Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2017-3128 | medium | 4.8 | 4.8 | 9y ago | A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | |||
| CVE-2017-8780 | medium | 4.8 | 4.8 | 9y ago | GeniXCMS Cross-site Scripting | |||
| CVE-2017-2387 | medium | 4.8 | 4.8 | 9y ago | The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt… | |||
| CVE-2017-7309 | medium | 4.8 | 4.8 | 9y ago | MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php | |||
| CVE-2017-7241 | medium | 4.8 | 4.8 | 9y ago | MantisBT XSS via move_attachments_page.php | |||
| CVE-2017-6973 | medium | 4.8 | 4.8 | 9y ago | MantisBT XSS via adm_config_report.php's action parameter | |||
| CVE-2017-16355 | medium | 4.7 | 4.7 | 4y ago | In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the co… | |||
| CVE-2017-16678 | medium | 4.7 | 4.7 | 9y ago | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attack… | |||
| CVE-2017-17449 | medium | 4.7 | 4.7 | 9y ago | multiple issues in linux-lts | |||
| CVE-2017-17383 | medium | 4.7 | 4.7 | 9y ago | Cross-site Scripting in Jenkins Core | |||
| CVE-2017-12345 | medium | 4.7 | 4.7 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-8148 | medium | 4.7 | 4.7 | 9y ago | Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the … | |||
| CVE-2017-11880 | medium | 4.7 | 4.7 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attac… | |||
| CVE-2017-11852 | medium | 4.7 | 4.7 | 9y ago | Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's sys… | |||
| CVE-2017-11851 | medium | 4.7 | 4.7 | 9y ago | The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016… | |||
| CVE-2017-11849 | medium | 4.7 | 4.7 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, … | |||
| CVE-2017-11842 | medium | 4.7 | 4.7 | 9y ago | Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a… | |||
| CVE-2017-11832 | medium | 4.7 | 4.7 | 9y ago | The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not i… | |||
| CVE-2017-5065 | medium | 4.7 | 4.7 | 9y ago | multiple issues in chromium | |||
| CVE-2017-12618 | medium | 4.7 | 4.7 | 9y ago | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A loc… | |||
| CVE-2017-10382 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easil… | |||
| CVE-2017-10380 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to… | |||
| CVE-2017-10318 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable … | |||
| CVE-2017-11817 | medium | 4.7 | 4.7 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-13721 | medium | 4.7 | 4.7 | 9y ago | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared mem… | |||
| CVE-2017-9676 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a… | |||
| CVE-2017-8281 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | |||
| CVE-2017-8719 | medium | 4.7 | 4.7 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-8709 | medium | 4.7 | 4.7 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-1434 | medium | 4.7 | 4.7 | 9y ago | IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. | |||
| CVE-2017-14159 | medium | 4.7 | 4.7 | 9y ago | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-roo… | |||
| CVE-2017-9682 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||
| CVE-2017-8627 | medium | 4.7 | 4.7 | 9y ago | Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | |||
| CVE-2017-10252 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Diffic… | |||
| CVE-2017-10251 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exp… | |||
| CVE-2017-10250 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vul… | |||
| CVE-2017-10020 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Diffic… | |||
| CVE-2017-10015 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer). Supported versions that are affected are 8.54 and 8.55. Difficult … | |||
| CVE-2017-8486 | medium | 4.7 | 4.7 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an informati… | |||
| CVE-2017-1284 | medium | 4.7 | 4.7 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM… | |||
| CVE-2017-8554 | medium | 4.7 | 4.7 | 9y ago | The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a… | |||
| CVE-2017-8553 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows … | |||
| CVE-2017-0651 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it f… | |||
| CVE-2017-0650 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low beca… | |||
| CVE-2017-4899 | medium | 4.7 | 4.7 | 9y ago | VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. … | |||
| CVE-2017-2500 | medium | 4.7 | 4.7 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |||
| CVE-2017-9079 | medium | 4.7 | 4.7 | 9y ago | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is re… | |||
| CVE-2017-9071 | medium | 4.7 | 4.7 | 9y ago | MODX Revolution XSS via HTTP Host header | |||
| CVE-2017-0634 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate… | |||
| CVE-2017-0633 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2017-0632 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0631 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0630 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0629 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0628 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0627 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it… | |||
| CVE-2017-0603 | medium | 4.7 | 4.7 | 9y ago | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because i… | |||
| CVE-2017-0354 | medium | 4.7 | 4.7 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made unde… | |||
| CVE-2017-8372 | medium | 4.7 | 4.7 | 9y ago | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafte… | |||
| CVE-2017-3535 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-3495 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily "… | |||
| CVE-2017-3494 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Retail Teller). Supported versions that are affected are 11.3.0, 11.4.0, 12.0… | |||
| CVE-2017-3480 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and … | |||
| CVE-2017-3471 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Eas… | |||
| CVE-2017-5969 | medium | 4.7 | 4.7 | 9y ago | libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of… | |||
| CVE-2017-0586 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0585 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0584 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… |