CVEs from 2017
Total
11,660
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10018 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerabi… | |||
| CVE-2017-10009 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-10008 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-10007 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-5246 | medium | 4.3 | 4.3 | 9y ago | Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in doub… | |||
| CVE-2017-7531 | medium | 4.3 | 4.3 | 9y ago | Moodle Information Disclosure | |||
| CVE-2017-5001 | medium | 4.3 | 4.3 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… | |||
| CVE-2017-5000 | medium | 4.3 | 4.3 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… | |||
| CVE-2017-1157 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. | |||
| CVE-2017-1326 | medium | 4.3 | 4.3 | 9y ago | IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the… | |||
| CVE-2017-9505 | medium | 4.3 | 4.3 | 9y ago | Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confl… | |||
| CVE-2017-8555 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certai… | |||
| CVE-2017-8523 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to c… | |||
| CVE-2017-8504 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered respo… | |||
| CVE-2017-8498 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browse… | |||
| CVE-2017-1099 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. | |||
| CVE-2017-2180 | medium | 4.3 | 4.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | |||
| CVE-2017-8441 | medium | 4.3 | 4.3 | 9y ago | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data… | |||
| CVE-2017-2162 | medium | 4.3 | 4.3 | 9y ago | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless … | |||
| CVE-2017-7488 | medium | 4.3 | 4.3 | 9y ago | Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. | |||
| CVE-2017-7491 | medium | 4.3 | 4.3 | 9y ago | Moodle Cross-Site Request Forgery (CSRF) | |||
| CVE-2017-0231 | medium | 4.3 | 4.3 | 9y ago | A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2017-0894 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars… | |||
| CVE-2017-1141 | medium | 4.3 | 4.3 | 9y ago | IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | |||
| CVE-2017-2116 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | |||
| CVE-2017-2115 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | |||
| CVE-2017-2095 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | |||
| CVE-2017-2094 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | |||
| CVE-2017-2093 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | |||
| CVE-2017-2091 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | |||
| CVE-2017-5046 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5041 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5040 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5033 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3560 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x… | |||
| CVE-2017-3552 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are… | |||
| CVE-2017-3481 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and … | |||
| CVE-2017-3473 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-3465 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerabili… | |||
| CVE-2017-3464 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily… | |||
| CVE-2017-1152 | medium | 4.3 | 4.3 | 9y ago | IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Forc… | |||
| CVE-2017-7217 | medium | 4.3 | 4.3 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. | |||
| CVE-2017-0208 | medium | 4.3 | 4.3 | 9y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2017-0203 | medium | 4.3 | 4.3 | 9y ago | A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web … | |||
| CVE-2017-0192 | medium | 4.3 | 4.3 | 9y ago | The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Win… | |||
| CVE-2017-3817 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for a… | |||
| CVE-2017-0888 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable in… | |||
| CVE-2017-0887 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary… | |||
| CVE-2017-0885 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-o… | |||
| CVE-2017-0884 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated … | |||
| CVE-2017-1171 | medium | 4.3 | 4.3 | 9y ago | The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 20010… | |||
| CVE-2017-0881 | medium | 4.3 | 4.3 | 9y ago | An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a pri… | |||
| CVE-2017-5524 | medium | 4.3 | 4.3 | 9y ago | Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. | |||
| CVE-2017-1155 | medium | 4.3 | 4.3 | 9y ago | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754. | |||
| CVE-2017-3871 | medium | 4.3 | 4.3 | 9y ago | A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive infor… | |||
| CVE-2017-6954 | medium | 4.3 | 4.3 | 9y ago | BuddyPress Docs plugin Improper Privilege Management | |||
| CVE-2017-0073 | medium | 4.3 | 4.3 | 9y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-0069 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 … | |||
| CVE-2017-0068 | medium | 4.3 | 4.3 | 9y ago | Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerabi… | |||
| CVE-2017-0065 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is … | |||
| CVE-2017-0057 | medium | 4.3 | 4.3 | 9y ago | DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attack… | |||
| CVE-2017-0049 | medium | 4.3 | 4.3 | 9y ago | The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure … | |||
| CVE-2017-0033 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different f… | |||
| CVE-2017-0012 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different f… | |||
| CVE-2017-0011 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those de… | |||
| CVE-2017-0009 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Th… | |||
| CVE-2017-0008 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability… | |||
| CVE-2017-6918 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed. | |||
| CVE-2017-6917 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed. | |||
| CVE-2017-6916 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed. | |||
| CVE-2017-6915 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed. | |||
| CVE-2017-5866 | medium | 4.3 | 4.3 | 9y ago | The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensit… | |||
| CVE-2017-3844 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. … | |||
| CVE-2017-3843 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Informati… | |||
| CVE-2017-3839 | medium | 4.3 | 4.3 | 9y ago | An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the… | |||
| CVE-2017-3836 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases… | |||
| CVE-2017-5027 | medium | 4.3 | 4.3 | 9y ago | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacke… | |||
| CVE-2017-5026 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5023 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5022 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5021 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5017 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3315 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnera… | |||
| CVE-2017-3296 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easi… | |||
| CVE-2017-3261 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u11… | |||
| CVE-2017-3247 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerabil… | |||
| CVE-2017-3231 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u11… | |||
| CVE-2017-12340 | medium | 4.2 | 4.2 | 9y ago | A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, … | |||
| CVE-2017-12336 | medium | 4.2 | 4.2 | 9y ago | A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the unde… | |||
| CVE-2017-8196 | medium | 4.2 | 4.2 | 9y ago | FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby queryi… | |||
| CVE-2017-13679 | medium | 4.2 | 4.2 | 9y ago | A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by … | |||
| CVE-2017-13675 | medium | 4.2 | 4.2 | 9y ago | A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by tem… | |||
| CVE-2017-12266 | medium | 4.2 | 4.2 | 9y ago | A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisc… | |||
| CVE-2017-8754 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg… | |||
| CVE-2017-3652 | medium | 4.2 | 4.2 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Diffic… | |||
| CVE-2017-6770 | medium | 4.2 | 4.2 | 9y ago | Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open S… | |||
| CVE-2017-3509 | medium | 4.2 | 4.2 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u12… | |||
| CVE-2017-3477 | medium | 4.2 | 4.2 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Dif… | |||
| CVE-2017-0140 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is d… | |||
| CVE-2017-0135 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is d… |