CVEs from 2017

- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12734 | high | 7.5 | 7.5 | 9y ago | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the sessio… | |||
| CVE-2017-12710 | high | 7.5 | 7.5 | 9y ago | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could … | |||
| CVE-2017-13780 | high | 7.5 | 7.5 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | |||
| CVE-2017-3163 | high | 7.5 | 7.5 | 9y ago | Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core | |||
| CVE-2017-13767 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |||
| CVE-2017-13766 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. | |||
| CVE-2017-13765 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validat… | |||
| CVE-2017-13764 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. | |||
| CVE-2017-13763 | high | 7.5 | 7.5 | 9y ago | ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload | |||
| CVE-2017-0379 | high | 7.5 | 7.5 | 9y ago | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | |||
| CVE-2017-3154 | high | 7.5 | 7.5 | 9y ago | Apache Atlas produces Stack trace in error response | |||
| CVE-2017-12775 | high | 7.5 | 7.5 | 9y ago | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||
| CVE-2017-13752 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13751 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13750 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13749 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13748 | high | 7.5 | 7.5 | 9y ago | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | |||
| CVE-2017-13747 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13746 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||
| CVE-2017-13745 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmsta… | |||
| CVE-2017-13735 | high | 7.5 | 7.5 | 9y ago | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||
| CVE-2017-13728 | high | 7.5 | 7.5 | 9y ago | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-10843 | high | 7.5 | 7.5 | 9y ago | Arbitrary file delete in baserCMS | |||
| CVE-2017-0900 | high | 7.5 | 7.5 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | |||
| CVE-2017-6594 | high | 7.5 | 7.5 | 9y ago | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path o… | |||
| CVE-2017-13712 | high | 7.5 | 7.5 | 9y ago | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | |||
| CVE-2017-12954 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | |||
| CVE-2017-12953 | medium | 6.5 | 7.5 | 9y ago | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | |||
| CVE-2017-12952 | medium | 6.5 | 7.5 | 9y ago | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-12951 | medium | 6.5 | 7.5 | 9y ago | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft… | |||
| CVE-2017-12950 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-13710 | high | 7.5 | 7.5 | 9y ago | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-13709 | high | 7.5 | 7.5 | 9y ago | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | |||
| CVE-2017-12817 | high | 7.5 | 7.5 | 9y ago | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||
| CVE-2017-12694 | high | 7.5 | 7.5 | 9y ago | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | |||
| CVE-2017-13692 | high | 7.5 | 7.5 | 9y ago | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | |||
| CVE-2017-9511 | high | 7.5 | 7.5 | 9y ago | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucib… | |||
| CVE-2017-9512 | high | 7.5 | 7.5 | 9y ago | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committe… | |||
| CVE-2017-11424 | high | 7.5 | 7.5 | 9y ago | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed becau… | |||
| CVE-2017-12836 | high | 7.5 | 7.5 | 9y ago | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand… | |||
| CVE-2017-13143 | high | 7.5 | 7.5 | 9y ago | In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from proces… | |||
| CVE-2017-8037 | high | 7.5 | 7.5 | 9y ago | In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took ste… | |||
| CVE-2017-12784 | high | 7.5 | 7.5 | 9y ago | In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An exam… | |||
| CVE-2017-12974 | high | 7.5 | 7.5 | 9y ago | Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT | |||
| CVE-2017-12972 | high | 7.5 | 7.5 | 9y ago | Nimbus JOSE+JWT missing overflow check | |||
| CVE-2017-12964 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | |||
| CVE-2017-12963 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitabl… | |||
| CVE-2017-12962 | high | 7.5 | 7.5 | 9y ago | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. | |||
| CVE-2017-12961 | high | 7.5 | 7.5 | 9y ago | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||
| CVE-2017-12960 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||
| CVE-2017-12959 | high | 7.5 | 7.5 | 9y ago | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. | |||
| CVE-2017-12958 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||
| CVE-2017-9680 | high | 7.5 | 7.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error mes… | |||
| CVE-2017-9679 | high | 7.5 | 7.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. | |||
| CVE-2017-11185 | high | 7.5 | 7.5 | 9y ago | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | |||
| CVE-2017-12944 | high | 7.5 | 7.5 | 9y ago | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and appl… | |||
| CVE-2017-9454 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DN… | |||
| CVE-2017-12440 | high | 7.5 | 7.5 | 9y ago | Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm act… | |||
| CVE-2017-12938 | high | 7.5 | 7.5 | 9y ago | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | |||
| CVE-2017-12934 | high | 7.5 | 7.5 | 9y ago | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/… | |||
| CVE-2017-6771 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insu… | |||
| CVE-2017-11664 | medium | 6.5 | 7.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-11663 | medium | 6.5 | 7.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-7548 | high | 7.5 | 7.5 | 9y ago | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents o… | |||
| CVE-2017-12852 | high | 7.5 | 7.5 | 9y ago | The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. | |||
| CVE-2017-3110 | high | 7.5 | 7.5 | 9y ago | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | |||
| CVE-2017-3107 | high | 7.5 | 7.5 | 9y ago | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | |||
| CVE-2017-3091 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11280 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11279 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11278 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11277 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11276 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11275 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11272 | high | 7.5 | 7.5 | 9y ago | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | |||
| CVE-2017-7675 | high | 7.5 | 7.5 | 9y ago | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypa… | |||
| CVE-2017-3130 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | |||
| CVE-2017-8518 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | |||
| CVE-2017-3156 | high | 7.5 | 7.5 | 9y ago | Covert Timing Channel in Apache CXF | |||
| CVE-2017-8674 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content whe… | |||
| CVE-2017-8672 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser … | |||
| CVE-2017-8669 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an … | |||
| CVE-2017-8661 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting … | |||
| CVE-2017-8655 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft br… | |||
| CVE-2017-8653 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 20… | |||
| CVE-2017-8652 | medium | 6.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi… | |||
| CVE-2017-8651 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly acce… | |||
| CVE-2017-8647 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling… | |||
| CVE-2017-8639 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engin… | |||
| CVE-2017-8638 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content whe… | |||
| CVE-2017-8633 | high | 7.5 | 7.5 | 9y ago | Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server… | |||
| CVE-2017-8516 | high | 7.5 | 7.5 | 9y ago | Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforce… | |||
| CVE-2017-0293 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote c… | |||
| CVE-2017-10245 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.… | |||
| CVE-2017-10176 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u13… | |||
| CVE-2017-10144 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitab… | |||
| CVE-2017-10136 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.9. Easily exploitable vulnerab… | |||
| CVE-2017-10118 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JR… | |||
| CVE-2017-10115 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u… | |||
| CVE-2017-10067 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows … |