CVEs from 2017
Total
11,615
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11359 | medium | 5.5 | 6.5 | 9y ago | The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conve… | |||
| CVE-2017-11358 | medium | 5.5 | 6.5 | 9y ago | The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | |||
| CVE-2017-11333 | medium | 5.5 | 6.5 | 9y ago | The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | |||
| CVE-2017-11332 | medium | 5.5 | 6.5 | 9y ago | The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. | |||
| CVE-2017-11331 | medium | 5.5 | 6.5 | 9y ago | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | |||
| CVE-2017-11330 | medium | 5.5 | 6.5 | 9y ago | The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi fil… | |||
| CVE-2017-9477 | medium | 6.5 | 6.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote att… | |||
| CVE-2017-9476 | medium | 6.5 | 6.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eM… | |||
| CVE-2017-11755 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo… | |||
| CVE-2017-11754 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. | |||
| CVE-2017-11753 | medium | 6.5 | 6.5 | 9y ago | The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transp… | |||
| CVE-2017-11752 | medium | 6.5 | 6.5 | 9y ago | The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11751 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11750 | medium | 6.5 | 6.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-11724 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. | |||
| CVE-2017-6260 | medium | 6.5 | 6.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. | |||
| CVE-2017-11722 | medium | 6.5 | 6.5 | 9y ago | The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the … | |||
| CVE-2017-11705 | medium | 6.5 | 6.5 | 9y ago | A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-11704 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-11703 | medium | 6.5 | 6.5 | 9y ago | A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9412 | medium | 5.5 | 6.5 | 9y ago | The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | |||
| CVE-2017-9260 | medium | 5.5 | 6.5 | 9y ago | The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application c… | |||
| CVE-2017-9259 | medium | 5.5 | 6.5 | 9y ago | The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application cra… | |||
| CVE-2017-9258 | medium | 5.5 | 6.5 | 9y ago | The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wa… | |||
| CVE-2017-11683 | medium | 6.5 | 6.5 | 9y ago | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||
| CVE-2017-11644 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. | |||
| CVE-2017-11640 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | |||
| CVE-2017-11639 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in Mag… | |||
| CVE-2017-11613 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not chec… | |||
| CVE-2017-8919 | medium | 6.5 | 6.5 | 9y ago | NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password informat… | |||
| CVE-2017-11457 | medium | 6.5 | 6.5 | 9y ago | XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attac… | |||
| CVE-2017-11327 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/cont… | |||
| CVE-2017-11608 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11605 | medium | 6.5 | 6.5 | 9y ago | There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11540 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | |||
| CVE-2017-11539 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. | |||
| CVE-2017-11538 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. | |||
| CVE-2017-11537 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel… | |||
| CVE-2017-11536 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. | |||
| CVE-2017-11535 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. | |||
| CVE-2017-11534 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. | |||
| CVE-2017-11533 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | |||
| CVE-2017-11532 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. | |||
| CVE-2017-11531 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. | |||
| CVE-2017-11530 | medium | 6.5 | 6.5 | 9y ago | The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-11529 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11528 | medium | 6.5 | 6.5 | 9y ago | The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11527 | medium | 6.5 | 6.5 | 9y ago | The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-11526 | medium | 6.5 | 6.5 | 9y ago | The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted f… | |||
| CVE-2017-11525 | medium | 6.5 | 6.5 | 9y ago | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-11524 | medium | 6.5 | 6.5 | 9y ago | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a c… | |||
| CVE-2017-11523 | medium | 6.5 | 6.5 | 9y ago | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the e… | |||
| CVE-2017-11522 | medium | 6.5 | 6.5 | 9y ago | The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-1374 | medium | 6.5 | 6.5 | 9y ago | Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | |||
| CVE-2017-11505 | medium | 6.5 | 6.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malform… | |||
| CVE-2017-7064 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7060 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to c… | |||
| CVE-2017-7011 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the … | |||
| CVE-2017-2517 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2017-11478 | medium | 6.5 | 6.5 | 9y ago | The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ma… | |||
| CVE-2017-1219 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information … | |||
| CVE-2017-11448 | medium | 6.5 | 6.5 | 9y ago | The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||
| CVE-2017-11447 | medium | 6.5 | 6.5 | 9y ago | The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | |||
| CVE-2017-11446 | medium | 6.5 | 6.5 | 9y ago | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | |||
| CVE-2017-9340 | medium | 6.5 | 6.5 | 9y ago | An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | |||
| CVE-2017-7947 | medium | 6.5 | 6.5 | 9y ago | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on … | |||
| CVE-2017-7532 | medium | 6.5 | 6.5 | 9y ago | Moodle Improper Privilege Management | |||
| CVE-2017-2642 | medium | 6.5 | 6.5 | 9y ago | Moodle User fullname disclosure on user preferences page | |||
| CVE-2017-3100 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address di… | |||
| CVE-2017-3080 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosur… | |||
| CVE-2017-2240 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |||
| CVE-2017-11360 | medium | 6.5 | 6.5 | 9y ago | The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | |||
| CVE-2017-11352 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-91… | |||
| CVE-2017-11340 | medium | 6.5 | 6.5 | 9y ago | There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11339 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11338 | medium | 6.5 | 6.5 | 9y ago | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11337 | medium | 6.5 | 6.5 | 9y ago | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11336 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-0196 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Inform… | |||
| CVE-2017-1308 | medium | 6.5 | 6.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force … | |||
| CVE-2017-1285 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages.… | |||
| CVE-2017-11189 | medium | 6.5 | 6.5 | 9y ago | unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code … | |||
| CVE-2017-8611 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerabil… | |||
| CVE-2017-8602 | medium | 6.5 | 6.5 | 9y ago | Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow… | |||
| CVE-2017-8599 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security… | |||
| CVE-2017-8592 | medium | 6.5 | 6.5 | 9y ago | Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server … | |||
| CVE-2017-8587 | medium | 6.5 | 6.5 | 9y ago | Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability whe… | |||
| CVE-2017-8564 | medium | 5.5 | 6.5 | 9y ago | Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server … | |||
| CVE-2017-0170 | medium | 6.5 | 6.5 | 9y ago | Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2… | |||
| CVE-2017-11166 | medium | 6.5 | 6.5 | 9y ago | The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the heade… | |||
| CVE-2017-11141 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageEx… | |||
| CVE-2017-8442 | medium | 6.5 | 6.5 | 9y ago | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL k… | |||
| CVE-2017-7950 | medium | 5.5 | 6.5 | 9y ago | Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. | |||
| CVE-2017-4999 | medium | 6.5 | 6.5 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… | |||
| CVE-2017-10973 | medium | 6.5 | 6.5 | 9y ago | In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | |||
| CVE-2017-1236 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 | |||
| CVE-2017-10972 | medium | 6.5 | 6.5 | 9y ago | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X serve… | |||
| CVE-2017-8420 | medium | 6.5 | 6.5 | 9y ago | SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malforme… | |||
| CVE-2017-1258 | medium | 6.5 | 6.5 | 9y ago | IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | |||
| CVE-2017-10923 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. |