CVEs from 2017
Total
11,796
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-5529 | medium | 6.5 | 6.5 | 9y ago | JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affec… | |
| CVE-2017-1310 | medium | 6.5 | 6.5 | 9y ago | IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts … | |
| CVE-2017-9998 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | |
| CVE-2017-9989 | medium | 6.5 | 6.5 | 9y ago | util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | |
| CVE-2017-9988 | medium | 6.5 | 6.5 | 9y ago | The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |
| CVE-2017-7522 | medium | 6.5 | 6.5 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | |
| CVE-2017-9937 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. | |
| CVE-2017-9936 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | |
| CVE-2017-1193 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |
| CVE-2017-1131 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | |
| CVE-2017-9775 | medium | 6.5 | 6.5 | 9y ago | Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |
| CVE-2017-9815 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function … | |
| CVE-2017-2829 | medium | 6.5 | 6.5 | 9y ago | An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request… | |
| CVE-2017-3744 | medium | 6.5 | 6.5 | 9y ago | In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated… | |
| CVE-2017-1000373 | medium | 6.5 | 6.5 | 9y ago | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allo… | |
| CVE-2017-8545 | medium | 6.5 | 6.5 | 9y ago | A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". | |
| CVE-2017-8534 | medium | 6.5 | 6.5 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |
| CVE-2017-8533 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |
| CVE-2017-8532 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper… | |
| CVE-2017-8531 | medium | 6.5 | 6.5 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2… | |
| CVE-2017-8529 | medium | 6.5 | 6.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's compu… | |
| CVE-2017-9463 | medium | 6.5 | 6.5 | 9y ago | The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context … | |
| CVE-2017-5697 | medium | 6.5 | 6.5 | 9y ago | Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remot… | |
| CVE-2017-6697 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. … | |
| CVE-2017-6691 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd2940… | |
| CVE-2017-6673 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More I… | |
| CVE-2017-6655 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio… | |
| CVE-2017-4974 | medium | 6.5 | 6.5 | 9y ago | Blind SQL Injection with privileged Cloud Foundry UAA endpoints | |
| CVE-2017-9128 | medium | 6.5 | 6.5 | 9y ago | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 … | |
| CVE-2017-9127 | medium | 6.5 | 6.5 | 9y ago | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted … | |
| CVE-2017-9126 | medium | 6.5 | 6.5 | 9y ago | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |
| CVE-2017-9125 | medium | 6.5 | 6.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |
| CVE-2017-9124 | medium | 6.5 | 6.5 | 9y ago | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |
| CVE-2017-9123 | medium | 6.5 | 6.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |
| CVE-2017-9122 | medium | 6.5 | 6.5 | 9y ago | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |
| CVE-2017-8871 | medium | 6.5 | 6.5 | 9y ago | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | |
| CVE-2017-8834 | medium | 6.5 | 6.5 | 9y ago | The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | |
| CVE-2017-2165 | medium | 6.5 | 6.5 | 9y ago | GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | |
| CVE-2017-9501 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9500 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9499 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9461 | medium | 6.5 | 6.5 | 9y ago | smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling sym… | |
| CVE-2017-9440 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9439 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9416 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | |
| CVE-2017-9409 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-9408 | medium | 6.5 | 6.5 | 9y ago | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9407 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-9406 | medium | 6.5 | 6.5 | 9y ago | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9405 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-9404 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9403 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-0896 | medium | 6.5 | 6.5 | 9y ago | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite ot… | |
| CVE-2017-9378 | medium | 6.5 | 6.5 | 9y ago | BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have… | |
| CVE-2017-7999 | medium | 6.5 | 6.5 | 9y ago | Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | |
| CVE-2017-9307 | medium | 6.5 | 6.5 | 9y ago | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |
| CVE-2017-8782 | medium | 6.5 | 6.5 | 9y ago | The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This … | |
| CVE-2017-2308 | medium | 6.5 | 6.5 | 9y ago | An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | |
| CVE-2017-9295 | medium | 6.5 | 6.5 | 9y ago | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | |
| CVE-2017-9287 | medium | 6.5 | 6.5 | 9y ago | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged … | |
| CVE-2017-9263 | medium | 6.5 | 6.5 | 9y ago | In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` i… | |
| CVE-2017-9262 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-9261 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-9239 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage wi… | |
| CVE-2017-9216 | medium | 6.5 | 6.5 | 9y ago | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will c… | |
| CVE-2017-9207 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image,… | |
| CVE-2017-9206 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image,… | |
| CVE-2017-9205 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, relat… | |
| CVE-2017-9204 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, relat… | |
| CVE-2017-9203 | medium | 6.5 | 6.5 | 9y ago | imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. | |
| CVE-2017-9202 | medium | 6.5 | 6.5 | 9y ago | imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |
| CVE-2017-9201 | medium | 6.5 | 6.5 | 9y ago | imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |
| CVE-2017-8379 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generati… | |
| CVE-2017-9147 | medium | 6.5 | 6.5 | 9y ago | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |
| CVE-2017-9144 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | |
| CVE-2017-9143 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | |
| CVE-2017-9142 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |
| CVE-2017-9141 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function … | |
| CVE-2017-4916 | medium | 6.5 | 6.5 | 9y ago | VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privilege… | |
| CVE-2017-2511 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |
| CVE-2017-2495 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a de… | |
| CVE-2017-6637 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected syste… | |
| CVE-2017-6636 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. T… | |
| CVE-2017-6635 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected syste… | |
| CVE-2017-9116 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. | |
| CVE-2017-9114 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | |
| CVE-2017-9112 | medium | 6.5 | 6.5 | 9y ago | OpenEXR invalid read | |
| CVE-2017-9110 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. | |
| CVE-2017-7620 | medium | 6.5 | 6.5 | 9y ago | MantisBT vulnerable to CSRF and Open Redirect attacks | |
| CVE-2017-9094 | medium | 6.5 | 6.5 | 9y ago | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |
| CVE-2017-9093 | medium | 6.5 | 6.5 | 9y ago | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |
| CVE-2017-9083 | medium | 6.5 | 6.5 | 9y ago | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation … | |
| CVE-2017-7433 | medium | 6.5 | 6.5 | 9y ago | An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr… | |
| CVE-2017-4012 | medium | 6.5 | 6.5 | 9y ago | Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP re… | |
| CVE-2017-9025 | medium | 6.5 | 6.5 | 9y ago | Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HT… | |
| CVE-2017-7479 | medium | 6.5 | 6.5 | 9y ago | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | |
| CVE-2017-5655 | medium | 6.5 | 6.5 | 9y ago | In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the ho… | |
| CVE-2017-0064 | medium | 6.5 | 6.5 | 9y ago | A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." | |
| CVE-2017-6865 | medium | 6.5 | 6.5 | 9y ago | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS… | |
| CVE-2017-2681 | medium | 6.5 | 6.5 | 9y ago | Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to re… |