CVEs from 2017
Total
11,713
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11680 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | |||
| CVE-2017-11679 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | |||
| CVE-2017-11678 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | |||
| CVE-2017-11675 | high | 8.8 | 8.8 | 9y ago | Authenticated RCE in Zen Cart 1.5.5e | |||
| CVE-2017-11642 | high | 8.8 | 8.8 | 9y ago | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. | |||
| CVE-2017-11638 | high | 8.8 | 8.8 | 9y ago | GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. | |||
| CVE-2017-6753 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected b… | |||
| CVE-2017-9413 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a p… | |||
| CVE-2017-11422 | high | 8.8 | 8.8 | 9y ago | Statamic framework Incorrect Permission Assignment | |||
| CVE-2017-2273 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators… | |||
| CVE-2017-1373 | high | 8.8 | 8.8 | 9y ago | Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force … | |||
| CVE-2017-1371 | high | 8.8 | 8.8 | 9y ago | Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access… | |||
| CVE-2017-9930 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | |||
| CVE-2017-10993 | high | 8.8 | 8.8 | 9y ago | Contao Core directory traversal vulnerability | |||
| CVE-2017-7068 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-7061 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7056 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7055 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7052 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7049 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7048 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7047 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-7046 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7043 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7042 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7041 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7040 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7039 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7037 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7034 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7030 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7020 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7019 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7018 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7012 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-11475 | high | 8.8 | 8.8 | 9y ago | GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | |||
| CVE-2017-1218 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB… | |||
| CVE-2017-11450 | high | 8.8 | 8.8 | 9y ago | coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | |||
| CVE-2017-11449 | high | 8.8 | 8.8 | 9y ago | coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or poss… | |||
| CVE-2017-7506 | high | 8.8 | 8.8 | 9y ago | spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server … | |||
| CVE-2017-6320 | high | 8.8 | 8.8 | 9y ago | A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in whic… | |||
| CVE-2017-10961 | high | 8.8 | 8.8 | 9y ago | REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | |||
| CVE-2017-1318 | high | 8.8 | 8.8 | 9y ago | IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | |||
| CVE-2017-11403 | high | 8.8 | 8.8 | 9y ago | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | |||
| CVE-2017-9810 | high | 8.8 | 8.8 | 9y ago | There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacke… | |||
| CVE-2017-6741 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulner… | |||
| CVE-2017-11361 | high | 8.8 | 8.8 | 9y ago | Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because … | |||
| CVE-2017-7681 | high | 8.8 | 8.8 | 9y ago | Apache OpenMeetings vulnerable to SQL injection | |||
| CVE-2017-7666 | high | 8.8 | 8.8 | 9y ago | Apache OpenMeetings vulnerable to Cross-Site Request Forgery | |||
| CVE-2017-3099 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code e… | |||
| CVE-2017-2349 | high | 8.8 | 8.8 | 9y ago | A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate… | |||
| CVE-2017-2341 | high | 8.8 | 8.8 | 9y ago | An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the ho… | |||
| CVE-2017-11347 | high | 8.8 | 8.8 | 9y ago | Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc… | |||
| CVE-2017-11335 | high | 8.8 | 8.8 | 9y ago | There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode fu… | |||
| CVE-2017-1000069 | high | 8.8 | 8.8 | 9y ago | Cross-site Request Forgery (CSRF) | |||
| CVE-2017-1000067 | high | 8.8 | 8.8 | 9y ago | MODX Revolution blind SQL injection | |||
| CVE-2017-1000031 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | |||
| CVE-2017-1000022 | high | 8.8 | 8.8 | 9y ago | LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | |||
| CVE-2017-1000021 | high | 8.8 | 8.8 | 9y ago | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | |||
| CVE-2017-1000017 | high | 8.8 | 8.8 | 9y ago | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | |||
| CVE-2017-1000008 | high | 8.8 | 8.8 | 9y ago | Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their pass… | |||
| CVE-2017-11310 | high | 8.8 | 8.8 | 9y ago | The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. | |||
| CVE-2017-11200 | high | 8.8 | 8.8 | 9y ago | SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. | |||
| CVE-2017-11196 | high | 8.8 | 8.8 | 9y ago | Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malici… | |||
| CVE-2017-11193 | high | 8.8 | 8.8 | 9y ago | Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These … | |||
| CVE-2017-2820 | high | 8.8 | 8.8 | 9y ago | An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causi… | |||
| CVE-2017-2818 | high | 8.8 | 8.8 | 9y ago | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image … | |||
| CVE-2017-2814 | high | 8.8 | 8.8 | 9y ago | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred,… | |||
| CVE-2017-4057 | high | 8.8 | 8.8 | 9y ago | Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI te… | |||
| CVE-2017-4054 | high | 8.8 | 8.8 | 9y ago | Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted H… | |||
| CVE-2017-8590 | high | 8.8 | 8.8 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation… | |||
| CVE-2017-8569 | high | 8.8 | 8.8 | 9y ago | Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XS… | |||
| CVE-2017-11170 | high | 8.8 | 8.8 | 9y ago | The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | |||
| CVE-2017-8002 | high | 8.8 | 8.8 | 9y ago | EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about… | |||
| CVE-2017-11101 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. | |||
| CVE-2017-11100 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. | |||
| CVE-2017-11099 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. | |||
| CVE-2017-11098 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. | |||
| CVE-2017-11097 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. | |||
| CVE-2017-11096 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. | |||
| CVE-2017-2244 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2017-2238 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier … | |||
| CVE-2017-2223 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allo… | |||
| CVE-2017-2186 | high | 8.8 | 8.8 | 9y ago | HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. | |||
| CVE-2017-2185 | high | 8.8 | 8.8 | 9y ago | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | |||
| CVE-2017-2184 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. | |||
| CVE-2017-7404 | high | 8.8 | 8.8 | 9y ago | On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim… | |||
| CVE-2017-4998 | high | 8.8 | 8.8 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the… | |||
| CVE-2017-10971 | high | 8.8 | 8.8 | 9y ago | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of… | |||
| CVE-2017-6712 | high | 8.8 | 8.8 | 9y ago | A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vuln… | |||
| CVE-2017-9927 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation … | |||
| CVE-2017-9926 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation … | |||
| CVE-2017-9925 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting … | |||
| CVE-2017-9924 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00… | |||
| CVE-2017-10928 | high | 8.8 | 8.8 | 9y ago | In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified … | |||
| CVE-2017-10805 | high | 8.8 | 8.8 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OA… | |||
| CVE-2017-5944 | high | 8.8 | 8.8 | 9y ago | The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute a… | |||
| CVE-2017-5943 | high | 8.8 | 8.8 | 9y ago | Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens… | |||
| CVE-2017-6042 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify… | |||
| CVE-2017-10681 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. |