CVEs from 2017
Total
11,651
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16884 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | |||
| CVE-2017-16962 | medium | 6.1 | 7.1 | 9y ago | The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf… | |||
| CVE-2017-8153 | high | 7.1 | 7.1 | 9y ago | Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send… | |||
| CVE-2017-2735 | high | 7.1 | 7.1 | 9y ago | TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external appli… | |||
| CVE-2017-2707 | high | 7.1 | 7.1 | 9y ago | Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could… | |||
| CVE-2017-2706 | high | 7.1 | 7.1 | 9y ago | Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are … | |||
| CVE-2017-16899 | high | 7.1 | 7.1 | 9y ago | An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to… | |||
| CVE-2017-16841 | medium | 6.1 | 7.1 | 9y ago | LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | |||
| CVE-2017-16836 | medium | 6.1 | 7.1 | 9y ago | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||
| CVE-2017-13831 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a … | |||
| CVE-2017-13820 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process me… | |||
| CVE-2017-15878 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting in keystone | |||
| CVE-2017-12613 | high | 7.1 | 7.1 | 9y ago | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting t… | |||
| CVE-2017-15687 | medium | 6.1 | 7.1 | 9y ago | DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | |||
| CVE-2017-7089 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all… | |||
| CVE-2017-15291 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi… | |||
| CVE-2017-15646 | medium | 6.1 | 7.1 | 9y ago | Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After set… | |||
| CVE-2017-10363 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.… | |||
| CVE-2017-10353 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vul… | |||
| CVE-2017-10312 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows… | |||
| CVE-2017-15374 | medium | 6.1 | 7.1 | 9y ago | Shopware XSS Vulnerability | |||
| CVE-2017-15287 | medium | 6.1 | 7.1 | 9y ago | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||
| CVE-2017-13722 | high | 7.1 | 7.1 | 9y ago | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xser… | |||
| CVE-2017-13720 | high | 7.1 | 7.1 | 9y ago | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of f… | |||
| CVE-2017-5701 | high | 7.1 | 7.1 | 9y ago | Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary… | |||
| CVE-2017-14620 | medium | 6.1 | 7.1 | 9y ago | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||
| CVE-2017-12154 | high | 7.1 | 7.1 | 9y ago | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omi… | |||
| CVE-2017-12215 | high | 7.1 | 7.1 | 9y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to … | |||
| CVE-2017-14619 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | |||
| CVE-2017-3133 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | |||
| CVE-2017-3132 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToke… | |||
| CVE-2017-12699 | high | 7.1 | 7.1 | 9y ago | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with m… | |||
| CVE-2017-0778 | high | 7.1 | 7.1 | 9y ago | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. | |||
| CVE-2017-14219 | medium | 6.1 | 7.1 | 9y ago | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu… | |||
| CVE-2017-14126 | medium | 6.1 | 7.1 | 9y ago | The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | |||
| CVE-2017-9979 | medium | 6.1 | 7.1 | 9y ago | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to… | |||
| CVE-2017-12971 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | |||
| CVE-2017-12984 | medium | 6.1 | 7.1 | 9y ago | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | |||
| CVE-2017-6767 | high | 7.1 | 7.1 | 9y ago | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be… | |||
| CVE-2017-10226 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9… | |||
| CVE-2017-10125 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physi… | |||
| CVE-2017-10085 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-11320 | medium | 6.1 | 7.1 | 9y ago | Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | |||
| CVE-2017-11355 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) … | |||
| CVE-2017-1382 | high | 7.1 | 7.1 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker c… | |||
| CVE-2017-11472 | high | 7.1 | 7.1 | 9y ago | The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain s… | |||
| CVE-2017-9813 | medium | 6.1 | 7.1 | 9y ago | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc… | |||
| CVE-2017-1000061 | high | 7.1 | 7.1 | 9y ago | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | |||
| CVE-2017-1254 | high | 7.1 | 7.1 | 9y ago | IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform… | |||
| CVE-2017-6038 | high | 7.1 | 7.1 | 9y ago | A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests wer… | |||
| CVE-2017-1105 | high | 7.1 | 7.1 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial o… | |||
| CVE-2017-9465 | high | 7.1 | 7.1 | 9y ago | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a … | |||
| CVE-2017-8839 | medium | 6.1 | 7.1 | 9y ago | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/p… | |||
| CVE-2017-8838 | medium | 6.1 | 7.1 | 9y ago | XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/H… | |||
| CVE-2017-2528 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2510 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2508 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2504 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-4979 | high | 7.1 | 7.1 | 9y ago | EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneF… | |||
| CVE-2017-7929 | high | 7.1 | 7.1 | 9y ago | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse th… | |||
| CVE-2017-6625 | high | 7.1 | 7.1 | 9y ago | A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow … | |||
| CVE-2017-5631 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | |||
| CVE-2017-3434 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily … | |||
| CVE-2017-3356 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3355 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3347 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3345 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3342 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-3618 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3595 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3593 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3591 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-3574 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA License code configuration). Supported versions that are affected a… | |||
| CVE-2017-3557 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.… | |||
| CVE-2017-3550 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Admin Console). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily… | |||
| CVE-2017-3476 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-3432 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily … | |||
| CVE-2017-3393 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Interaction History). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5 and 1… | |||
| CVE-2017-3337 | high | 7.1 | 7.1 | 9y ago | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and … | |||
| CVE-2017-7976 | high | 7.1 | 7.1 | 9y ago | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a … | |||
| CVE-2017-7896 | medium | 6.1 | 7.1 | 9y ago | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | |||
| CVE-2017-7885 | high | 7.1 | 7.1 | 9y ago | Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in … | |||
| CVE-2017-7725 | medium | 6.1 | 7.1 | 9y ago | Concrete CMS vulnerable to cross-site scripting (XSS) | |||
| CVE-2017-6601 | high | 7.1 | 7.1 | 9y ago | A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an… | |||
| CVE-2017-2450 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2445 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2439 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2409 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of… | |||
| CVE-2017-7277 | high | 7.1 | 7.1 | 9y ago | The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data str… | |||
| CVE-2017-7208 | high | 7.1 | 7.1 | 9y ago | The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264… | |||
| CVE-2017-7206 | high | 7.1 | 7.1 | 9y ago | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory v… | |||
| CVE-2017-6914 | high | 7.1 | 7.1 | 9y ago | CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted. | |||
| CVE-2017-6443 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | |||
| CVE-2017-5580 | high | 7.1 | 7.1 | 9y ago | The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process cra… | |||
| CVE-2017-6313 | high | 7.1 | 7.1 | 9y ago | Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image … | |||
| CVE-2017-6547 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12… | |||
| CVE-2017-6478 | medium | 6.1 | 7.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). | |||
| CVE-2017-5231 | high | 7.1 | 7.1 | 9y ago | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specia… | |||
| CVE-2017-5229 | high | 7.1 | 7.1 | 9y ago | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafte… | |||
| CVE-2017-5228 | high | 7.1 | 7.1 | 9y ago | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build … |