CVEs from 2017
Total
11,660
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9987 | high | 7.5 | 7.5 | 9y ago | There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. | |||
| CVE-2017-9445 | high | 7.5 | 7.5 | 9y ago | arbitrary code execution in systemd | |||
| CVE-2017-9982 | high | 7.5 | 7.5 | 9y ago | TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. | |||
| CVE-2017-7524 | high | 7.5 | 7.5 | 9y ago | tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | |||
| CVE-2017-7508 | high | 7.5 | 7.5 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | |||
| CVE-2017-9953 | high | 7.5 | 7.5 | 9y ago | There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-7458 | high | 7.5 | 7.5 | 9y ago | The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty … | |||
| CVE-2017-9936 | medium | 6.5 | 7.5 | 9y ago | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | |||
| CVE-2017-7459 | high | 7.5 | 7.5 | 9y ago | ntopng before 3.0 allows HTTP Response Splitting. | |||
| CVE-2017-6678 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote att… | |||
| CVE-2017-9829 | high | 7.5 | 7.5 | 9y ago | '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a craf… | |||
| CVE-2017-0897 | high | 7.5 | 7.5 | 9y ago | ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. | |||
| CVE-2017-6045 | high | 7.5 | 7.5 | 9y ago | An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain… | |||
| CVE-2017-6043 | high | 7.5 | 7.5 | 9y ago | A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an at… | |||
| CVE-2017-2831 | high | 7.5 | 7.5 | 9y ago | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can… | |||
| CVE-2017-2830 | high | 7.5 | 7.5 | 9y ago | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can… | |||
| CVE-2017-9766 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet… | |||
| CVE-2017-3087 | high | 7.5 | 7.5 | 9y ago | Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. | |||
| CVE-2017-7668 | high | 7.5 | 7.5 | 9y ago | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously… | |||
| CVE-2017-3743 | high | 7.5 | 7.5 | 9y ago | If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSP… | |||
| CVE-2017-3214 | high | 7.5 | 7.5 | 9y ago | The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | |||
| CVE-2017-9763 | high | 7.5 | 7.5 | 9y ago | The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack us… | |||
| CVE-2017-1000373 | medium | 6.5 | 7.5 | 9y ago | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allo… | |||
| CVE-2017-9231 | high | 7.5 | 7.5 | 9y ago | XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2017-9735 | high | 7.5 | 7.5 | 9y ago | Jetty vulnerable to exposure of sensitive information due to observable discrepancy | |||
| CVE-2017-8452 | high | 7.5 | 7.5 | 9y ago | Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. | |||
| CVE-2017-8450 | high | 7.5 | 7.5 | 9y ago | X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this infor… | |||
| CVE-2017-7507 | high | 7.5 | 7.5 | 9y ago | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server appli… | |||
| CVE-2017-9731 | high | 7.5 | 7.5 | 9y ago | In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk p… | |||
| CVE-2017-9729 | high | 7.5 | 7.5 | 9y ago | In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. | |||
| CVE-2017-7629 | high | 7.5 | 7.5 | 9y ago | QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | |||
| CVE-2017-1379 | high | 7.5 | 7.5 | 9y ago | IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. | |||
| CVE-2017-8549 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge imprope… | |||
| CVE-2017-8547 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of … | |||
| CVE-2017-8524 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a… | |||
| CVE-2017-8522 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitr… | |||
| CVE-2017-8521 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scr… | |||
| CVE-2017-8520 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scr… | |||
| CVE-2017-8519 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context… | |||
| CVE-2017-8517 | high | 7.5 | 7.5 | 9y ago | Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an… | |||
| CVE-2017-8499 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scr… | |||
| CVE-2017-8497 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, ak… | |||
| CVE-2017-7910 | high | 7.5 | 7.5 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable… | |||
| CVE-2017-4981 | high | 7.5 | 7.5 | 9y ago | EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. | |||
| CVE-2017-9604 | high | 7.5 | 7.5 | 9y ago | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, w… | |||
| CVE-2017-6681 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker… | |||
| CVE-2017-6680 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Informat… | |||
| CVE-2017-6674 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for … | |||
| CVE-2017-6671 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the de… | |||
| CVE-2017-4994 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, a… | |||
| CVE-2017-4975 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the o… | |||
| CVE-2017-4972 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, an… | |||
| CVE-2017-7667 | high | 7.5 | 7.5 | 9y ago | Origin Validation Error in Apache NiFi | |||
| CVE-2017-9557 | high | 7.5 | 7.5 | 9y ago | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and … | |||
| CVE-2017-9543 | high | 7.5 | 7.5 | 9y ago | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | |||
| CVE-2017-9128 | medium | 6.5 | 7.5 | 9y ago | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 … | |||
| CVE-2017-9127 | medium | 6.5 | 7.5 | 9y ago | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted … | |||
| CVE-2017-9126 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |||
| CVE-2017-9125 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |||
| CVE-2017-9124 | medium | 6.5 | 7.5 | 9y ago | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||
| CVE-2017-9123 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |||
| CVE-2017-9122 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||
| CVE-2017-8871 | medium | 6.5 | 7.5 | 9y ago | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | |||
| CVE-2017-0376 | high | 7.5 | 7.5 | 9y ago | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous… | |||
| CVE-2017-0375 | high | 7.5 | 7.5 | 9y ago | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||
| CVE-2017-1319 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | |||
| CVE-2017-9023 | high | 7.5 | 7.5 | 9y ago | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted c… | |||
| CVE-2017-9022 | high | 7.5 | 7.5 | 9y ago | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and … | |||
| CVE-2017-6648 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TeleP… | |||
| CVE-2017-7564 | high | 7.5 | 7.5 | 9y ago | In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug except… | |||
| CVE-2017-7313 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other wor… | |||
| CVE-2017-9469 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause … | |||
| CVE-2017-9468 | high | 7.5 | 7.5 | 9y ago | In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | |||
| CVE-2017-5664 | high | 7.5 | 7.5 | 9y ago | The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwa… | |||
| CVE-2017-9438 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_em… | |||
| CVE-2017-7669 | high | 7.5 | 7.5 | 9y ago | Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation | |||
| CVE-2017-9428 | high | 7.5 | 7.5 | 9y ago | A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequen… | |||
| CVE-2017-9372 | high | 7.5 | 7.5 | 9y ago | PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of servic… | |||
| CVE-2017-9359 | high | 7.5 | 7.5 | 9y ago | The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attacke… | |||
| CVE-2017-9358 | high | 7.5 | 7.5 | 9y ago | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending speciall… | |||
| CVE-2017-9354 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | |||
| CVE-2017-9352 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occu… | |||
| CVE-2017-9351 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier… | |||
| CVE-2017-9350 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative le… | |||
| CVE-2017-9349 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | |||
| CVE-2017-9348 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | |||
| CVE-2017-9346 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | |||
| CVE-2017-9345 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | |||
| CVE-2017-9344 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | |||
| CVE-2017-9343 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | |||
| CVE-2017-9334 | high | 7.5 | 7.5 | 9y ago | An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of servic… | |||
| CVE-2017-9304 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | |||
| CVE-2017-7502 | high | 7.5 | 7.5 | 9y ago | Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | |||
| CVE-2017-2304 | high | 7.5 | 7.5 | 9y ago | Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet p… | |||
| CVE-2017-2303 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D4… | |||
| CVE-2017-2302 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 1… | |||
| CVE-2017-2301 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to … | |||
| CVE-2017-2300 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primar… | |||
| CVE-2017-9250 | high | 7.5 | 7.5 | 9y ago | The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of ser… | |||
| CVE-2017-7295 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structur… |