CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6061 | medium | 4.7 | 4.7 | 9y ago | Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ… | |||
| CVE-2017-6883 | medium | 4.7 | 4.7 | 9y ago | The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read a… | |||
| CVE-2017-0537 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate bec… | |||
| CVE-2017-0536 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate… | |||
| CVE-2017-0535 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0534 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0533 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0532 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0531 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0497 | medium | 4.7 | 4.7 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an unco… | |||
| CVE-2017-0461 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0459 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0452 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it… | |||
| CVE-2017-0451 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-3313 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Dif… | |||
| CVE-2017-3283 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3282 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3281 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3280 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3245 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily e… | |||
| CVE-2017-3236 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2017-3803 | medium | 4.7 | 4.7 | 10y ago | A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue … | |||
| CVE-2017-8173 | medium | 4.6 | 4.6 | 9y ago | Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 v… | |||
| CVE-2017-8171 | medium | 4.6 | 4.6 | 9y ago | Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory… | |||
| CVE-2017-8161 | medium | 4.6 | 4.6 | 9y ago | EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 … | |||
| CVE-2017-8152 | medium | 4.6 | 4.6 | 9y ago | Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access f… | |||
| CVE-2017-2721 | medium | 4.6 | 4.6 | 9y ago | Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150C… | |||
| CVE-2017-2710 | medium | 4.6 | 4.6 | 9y ago | BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, e… | |||
| CVE-2017-2708 | medium | 4.6 | 4.6 | 9y ago | The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory rese… | |||
| CVE-2017-10890 | medium | 4.6 | 4.6 | 9y ago | Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versio… | |||
| CVE-2017-13786 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryptio… | |||
| CVE-2017-10375 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vu… | |||
| CVE-2017-10306 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows… | |||
| CVE-2017-10197 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Folios). The supported version that is affected is 5.4.2.x through 5.5.1.… | |||
| CVE-2017-5695 | medium | 4.6 | 4.6 | 9y ago | Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF… | |||
| CVE-2017-5694 | medium | 4.6 | 4.6 | 9y ago | Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2017-10187 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10168 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Windows). The supported version that is affected is 1.1. Difficult to exploit vulnera… | |||
| CVE-2017-10010 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: FileUploads). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and … | |||
| CVE-2017-9495 | medium | 4.6 | 4.6 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4… | |||
| CVE-2017-8769 | medium | 4.6 | 4.6 | 9y ago | Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat… | |||
| CVE-2017-8924 | medium | 4.6 | 4.6 | 9y ago | The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uniniti… | |||
| CVE-2017-8900 | medium | 4.6 | 4.6 | 9y ago | LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users… | |||
| CVE-2017-5625 | medium | 4.6 | 4.6 | 9y ago | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by … | |||
| CVE-2017-3536 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" v… | |||
| CVE-2017-7305 | medium | 4.6 | 4.6 | 9y ago | Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: … | |||
| CVE-2017-5670 | medium | 4.6 | 4.6 | 9y ago | Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw di… | |||
| CVE-2017-2452 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock scr… | |||
| CVE-2017-2399 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by lever… | |||
| CVE-2017-2352 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to by… | |||
| CVE-2017-10897 | medium | 4.5 | 4.5 | 9y ago | Input validation issue in Buffalo BBR-4HG and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified v… | |||
| CVE-2017-15525 | medium | 4.5 | 4.5 | 9y ago | Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine o… | |||
| CVE-2017-11818 | medium | 4.5 | 4.5 | 9y ago | The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypa… | |||
| CVE-2017-10003 | medium | 4.5 | 4.5 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability … | |||
| CVE-2017-4015 | medium | 4.5 | 4.5 | 9y ago | Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | |||
| CVE-2017-1336 | medium | 4.4 | 4.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||
| CVE-2017-12332 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restric… | |||
| CVE-2017-12306 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability… | |||
| CVE-2017-16637 | medium | 4.4 | 4.4 | 9y ago | In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdva… | |||
| CVE-2017-1000157 | medium | 4.4 | 4.4 | 9y ago | Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creatio… | |||
| CVE-2017-14327 | medium | 4.4 | 4.4 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. | |||
| CVE-2017-10286 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vu… | |||
| CVE-2017-10099 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Prior to 9.7.6.b. Easily exploit… | |||
| CVE-2017-12289 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system … | |||
| CVE-2017-10606 | medium | 4.4 | 4.4 | 9y ago | Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive informatio… | |||
| CVE-2017-1339 | medium | 4.4 | 4.4 | 9y ago | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or adm… | |||
| CVE-2017-12153 | medium | 4.4 | 4.4 | 9y ago | A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are … | |||
| CVE-2017-6795 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files o… | |||
| CVE-2017-5698 | medium | 4.4 | 4.4 | 9y ago | Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmw… | |||
| CVE-2017-14051 | medium | 4.4 | 4.4 | 9y ago | An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corru… | |||
| CVE-2017-3649 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to explo… | |||
| CVE-2017-3648 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. D… | |||
| CVE-2017-3647 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to explo… | |||
| CVE-2017-10200 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows… | |||
| CVE-2017-10182 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Export Functionality). Supported versions that are affected are 5.4… | |||
| CVE-2017-11334 | medium | 4.4 | 4.4 | 9y ago | The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by… | |||
| CVE-2017-0190 | medium | 4.4 | 4.4 | 9y ago | The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 al… | |||
| CVE-2017-3483 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |||
| CVE-2017-0164 | medium | 4.4 | 4.4 | 9y ago | A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Ser… | |||
| CVE-2017-6602 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an aut… | |||
| CVE-2017-0154 | medium | 4.4 | 4.4 | 9y ago | Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it int… | |||
| CVE-2017-5551 | medium | 4.4 | 4.4 | 9y ago | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri… | |||
| CVE-2017-3243 | medium | 4.4 | 4.4 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows hi… | |||
| CVE-2017-7152 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a cr… | |||
| CVE-2017-1191 | medium | 4.3 | 4.3 | 9y ago | An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 12366… | |||
| CVE-2017-10907 | medium | 4.3 | 4.3 | 9y ago | Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||
| CVE-2017-1257 | medium | 4.3 | 4.3 | 9y ago | IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | |||
| CVE-2017-17696 | medium | 4.3 | 4.3 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | |||
| CVE-2017-17693 | medium | 4.3 | 4.3 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | |||
| CVE-2017-1507 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | |||
| CVE-2017-1481 | medium | 4.3 | 4.3 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. | |||
| CVE-2017-1342 | medium | 4.3 | 4.3 | 9y ago | IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457. | |||
| CVE-2017-12365 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker c… | |||
| CVE-2017-12360 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vul… | |||
| CVE-2017-1570 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. | |||
| CVE-2017-1484 | medium | 4.3 | 4.3 | 9y ago | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | |||
| CVE-2017-1283 | medium | 4.3 | 4.3 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IB… | |||
| CVE-2017-1251 | medium | 4.3 | 4.3 | 9y ago | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | |||
| CVE-2017-1240 | medium | 4.3 | 4.3 | 9y ago | IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | |||
| CVE-2017-8168 | medium | 4.3 | 4.3 | 9y ago | FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmissi… |