CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10042 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenti… | |||
| CVE-2017-10036 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthen… | |||
| CVE-2017-10016 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to … | |||
| CVE-2017-9938 | high | 7.5 | 7.5 | 9y ago | A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to caus… | |||
| CVE-2017-9801 | high | 7.5 | 7.5 | 9y ago | Improper Input Validation in Apache Commons Email | |||
| CVE-2017-7920 | high | 7.5 | 7.5 | 9y ago | An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific unifo… | |||
| CVE-2017-6766 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticat… | |||
| CVE-2017-6763 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affe… | |||
| CVE-2017-6752 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could … | |||
| CVE-2017-6745 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condit… | |||
| CVE-2017-6664 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected sy… | |||
| CVE-2017-12602 | high | 7.5 | 7.5 | 9y ago | Denial of Service in OpenCV | |||
| CVE-2017-12600 | high | 7.5 | 7.5 | 9y ago | Denial of Service in OpenCV | |||
| CVE-2017-12568 | high | 7.5 | 7.5 | 9y ago | Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by se… | |||
| CVE-2017-9864 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout polici… | |||
| CVE-2017-9862 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the applicat… | |||
| CVE-2017-9858 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in furth… | |||
| CVE-2017-9851 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the ven… | |||
| CVE-2017-12439 | high | 7.5 | 7.5 | 9y ago | SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML c… | |||
| CVE-2017-10949 | high | 7.5 | 7.5 | 9y ago | Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in… | |||
| CVE-2017-12435 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12430 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12429 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12428 | high | 7.5 | 7.5 | 9y ago | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. | |||
| CVE-2017-12425 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid … | |||
| CVE-2017-12418 | high | 7.5 | 7.5 | 9y ago | ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. | |||
| CVE-2017-11382 | high | 7.5 | 7.5 | 9y ago | Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly… | |||
| CVE-2017-11390 | high | 7.5 | 7.5 | 9y ago | XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | |||
| CVE-2017-11387 | high | 7.5 | 7.5 | 9y ago | Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-C… | |||
| CVE-2017-11356 | medium | 6.5 | 7.5 | 9y ago | The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by lever… | |||
| CVE-2017-10664 | high | 7.5 | 7.5 | 9y ago | qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |||
| CVE-2017-1118 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow an attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156. | |||
| CVE-2017-11379 | high | 7.5 | 7.5 | 9y ago | Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | |||
| CVE-2017-11135 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore… | |||
| CVE-2017-11133 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-rando… | |||
| CVE-2017-11132 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the applicati… | |||
| CVE-2017-11552 | medium | 6.5 | 7.5 | 9y ago | mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode… | |||
| CVE-2017-12067 | high | 7.5 | 7.5 | 9y ago | Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. | |||
| CVE-2017-12064 | high | 7.5 | 7.5 | 9y ago | The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. | |||
| CVE-2017-1460 | high | 7.5 | 7.5 | 9y ago | IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||
| CVE-2017-1227 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906. | |||
| CVE-2017-11670 | high | 7.5 | 7.5 | 9y ago | A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially… | |||
| CVE-2017-11669 | high | 7.5 | 7.5 | 9y ago | An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use… | |||
| CVE-2017-11668 | high | 7.5 | 7.5 | 9y ago | An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use… | |||
| CVE-2017-9522 | high | 7.5 | 7.5 | 9y ago | The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access b… | |||
| CVE-2017-9492 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmw… | |||
| CVE-2017-9486 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors. | |||
| CVE-2017-9485 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leve… | |||
| CVE-2017-9484 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote att… | |||
| CVE-2017-9481 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/1… | |||
| CVE-2017-9478 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC a… | |||
| CVE-2017-11692 | high | 7.5 | 7.5 | 9y ago | The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. | |||
| CVE-2017-11746 | high | 7.5 | 7.5 | 9y ago | Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tens… | |||
| CVE-2017-11723 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld … | |||
| CVE-2017-11717 | high | 7.5 | 7.5 | 9y ago | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stre… | |||
| CVE-2017-11706 | high | 7.5 | 7.5 | 9y ago | The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the … | |||
| CVE-2017-11665 | high | 7.5 | 7.5 | 9y ago | The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted strea… | |||
| CVE-2017-11684 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | |||
| CVE-2017-7659 | high | 7.5 | 7.5 | 9y ago | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | |||
| CVE-2017-11658 | high | 7.5 | 7.5 | 9y ago | In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypa… | |||
| CVE-2017-11655 | high | 7.5 | 7.5 | 9y ago | A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdum… | |||
| CVE-2017-11630 | high | 7.5 | 7.5 | 9y ago | dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a… | |||
| CVE-2017-9233 | high | 7.5 | 7.5 | 9y ago | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an … | |||
| CVE-2017-6751 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected… | |||
| CVE-2017-6750 | high | 7.5 | 7.5 | 9y ago | A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticate… | |||
| CVE-2017-6672 | high | 7.5 | 7.5 | 9y ago | A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to b… | |||
| CVE-2017-11499 | high | 7.5 | 7.5 | 9y ago | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was co… | |||
| CVE-2017-8035 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A careful… | |||
| CVE-2017-9553 | high | 7.5 | 7.5 | 9y ago | A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | |||
| CVE-2017-11326 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | |||
| CVE-2017-11325 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. | |||
| CVE-2017-11592 | high | 7.5 | 7.5 | 9y ago | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via craft… | |||
| CVE-2017-11591 | high | 7.5 | 7.5 | 9y ago | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||
| CVE-2017-11590 | high | 7.5 | 7.5 | 9y ago | There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11587 | high | 7.5 | 7.5 | 9y ago | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversa… | |||
| CVE-2017-11565 | high | 7.5 | 7.5 | 9y ago | debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorre… | |||
| CVE-2017-11556 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. | |||
| CVE-2017-11555 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||
| CVE-2017-11554 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||
| CVE-2017-11553 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | |||
| CVE-2017-11521 | high | 7.5 | 7.5 | 9y ago | The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many medi… | |||
| CVE-2017-7523 | high | 7.5 | 7.5 | 9y ago | Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hi… | |||
| CVE-2017-1267 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. | |||
| CVE-2017-11468 | high | 7.5 | 7.5 | 9y ago | Uncontrolled resource allocation in github.com/docker/distribution | |||
| CVE-2017-11500 | high | 7.5 | 7.5 | 9y ago | A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||
| CVE-2017-7063 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a … | |||
| CVE-2017-7007 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource cons… | |||
| CVE-2017-1224 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | |||
| CVE-2017-9245 | high | 7.5 | 7.5 | 9y ago | The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | |||
| CVE-2017-11411 | high | 7.5 | 7.5 | 9y ago | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validati… | |||
| CVE-2017-11410 | high | 7.5 | 7.5 | 9y ago | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissecto… | |||
| CVE-2017-11409 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | |||
| CVE-2017-11408 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. | |||
| CVE-2017-11407 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |||
| CVE-2017-11406 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter… | |||
| CVE-2017-9933 | high | 7.5 | 7.5 | 9y ago | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | |||
| CVE-2017-10987 | high | 7.5 | 7.5 | 9y ago | multiple issues in freeradius | |||
| CVE-2017-10986 | high | 7.5 | 7.5 | 9y ago | multiple issues in freeradius | |||
| CVE-2017-10985 | high | 7.5 | 7.5 | 9y ago | multiple issues in freeradius | |||
| CVE-2017-10983 | high | 7.5 | 7.5 | 9y ago | multiple issues in freeradius |