CVEs from 2017
Total
11,613
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2386 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-7395 | medium | 6.5 | 6.5 | 9y ago | In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. | |||
| CVE-2017-1154 | medium | 6.5 | 6.5 | 9y ago | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: … | |||
| CVE-2017-2686 | medium | 6.5 | 6.5 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informat… | |||
| CVE-2017-1142 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interc… | |||
| CVE-2017-6464 | medium | 6.5 | 6.5 | 9y ago | NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. | |||
| CVE-2017-6463 | medium | 6.5 | 6.5 | 9y ago | NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. | |||
| CVE-2017-3880 | medium | 6.5 | 6.5 | 9y ago | An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More In… | |||
| CVE-2017-3877 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack agains… | |||
| CVE-2017-3811 | medium | 6.5 | 6.5 | 9y ago | An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More In… | |||
| CVE-2017-0060 | medium | 5.5 | 6.5 | 9y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-0045 | medium | 5.5 | 6.5 | 9y ago | Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise … | |||
| CVE-2017-5857 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via … | |||
| CVE-2017-5856 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via Meg… | |||
| CVE-2017-5667 | medium | 6.5 | 6.5 | 9y ago | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) o… | |||
| CVE-2017-5937 | medium | 6.5 | 6.5 | 9y ago | The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference… | |||
| CVE-2017-5579 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU pro… | |||
| CVE-2017-5578 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumptio… | |||
| CVE-2017-5552 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption)… | |||
| CVE-2017-5526 | medium | 6.5 | 6.5 | 9y ago | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number o… | |||
| CVE-2017-5525 | medium | 6.5 | 6.5 | 9y ago | Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of … | |||
| CVE-2017-6505 | medium | 6.5 | 6.5 | 9y ago | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the num… | |||
| CVE-2017-6414 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocatin… | |||
| CVE-2017-6386 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large numb… | |||
| CVE-2017-6317 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involvi… | |||
| CVE-2017-6210 | medium | 6.5 | 6.5 | 9y ago | The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroyin… | |||
| CVE-2017-6209 | medium | 6.5 | 6.5 | 9y ago | Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a den… | |||
| CVE-2017-5993 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a larg… | |||
| CVE-2017-5583 | medium | 6.5 | 6.5 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2017-3899 | medium | 6.5 | 6.5 | 9y ago | SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request paramete… | |||
| CVE-2017-3000 | medium | 6.5 | 6.5 | 9y ago | Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure. | |||
| CVE-2017-6819 | medium | 6.5 | 6.5 | 9y ago | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an … | |||
| CVE-2017-5867 | medium | 6.5 | 6.5 | 9y ago | ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a o… | |||
| CVE-2017-6402 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. | |||
| CVE-2017-0038 | medium | 5.5 | 6.5 | 9y ago | gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windo… | |||
| CVE-2017-2359 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted we… | |||
| CVE-2017-2350 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-5016 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5015 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5013 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5011 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-0310 | medium | 6.5 | 6.5 | 9y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service. | |||
| CVE-2017-2596 | medium | 6.5 | 6.5 | 10y ago | The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service … | |||
| CVE-2017-5880 | medium | 6.5 | 6.5 | 10y ago | Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Ligh… | |||
| CVE-2017-3820 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could a… | |||
| CVE-2017-5572 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | |||
| CVE-2017-5632 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the de… | |||
| CVE-2017-3273 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnera… | |||
| CVE-2017-3258 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily… | |||
| CVE-2017-3257 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerabi… | |||
| CVE-2017-3256 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows l… | |||
| CVE-2017-3244 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily… | |||
| CVE-2017-3238 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-1000168 | medium | 6.5 | 6.5 | 10y ago | scalarmult() vulnerable to degenerate public keys | |||
| CVE-2017-5223 | medium | 5.5 | 6.5 | 10y ago | Local file disclosure in PHPMailer | |||
| CVE-2017-2938 | medium | 6.5 | 6.5 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. | |||
| CVE-2017-7549 | medium | 6.4 | 6.4 | 4y ago | A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, wher… | |||
| CVE-2017-6679 | medium | 6.4 | 6.4 | 9y ago | The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in … | |||
| CVE-2017-2728 | medium | 6.4 | 6.4 | 9y ago | Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonat… | |||
| CVE-2017-16819 | medium | 5.4 | 6.4 | 9y ago | A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)… | |||
| CVE-2017-16843 | medium | 5.4 | 6.4 | 9y ago | Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | |||
| CVE-2017-16807 | medium | 5.4 | 6.4 | 9y ago | Kirby XSS Vulnerability | |||
| CVE-2017-16781 | medium | 5.4 | 6.4 | 9y ago | The installer in MyBB before 1.8.13 has XSS. | |||
| CVE-2017-16568 | medium | 5.4 | 6.4 | 9y ago | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, w… | |||
| CVE-2017-16567 | medium | 5.4 | 6.4 | 9y ago | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malic… | |||
| CVE-2017-15727 | medium | 5.4 | 6.4 | 9y ago | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | |||
| CVE-2017-10420 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10418 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vu… | |||
| CVE-2017-10361 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC DRS). The supported version that is affected is 8.0… | |||
| CVE-2017-10358 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). The supported version that is affected is 11.1.2. Easily exploitable vulnerability all… | |||
| CVE-2017-15284 | medium | 5.4 | 6.4 | 9y ago | OctoberCMS Cross-Site Scripting | |||
| CVE-2017-14717 | medium | 5.4 | 6.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | |||
| CVE-2017-14712 | medium | 5.4 | 6.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||
| CVE-2017-3131 | medium | 5.4 | 6.4 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under … | |||
| CVE-2017-12223 | medium | 6.4 | 6.4 | 9y ago | A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device… | |||
| CVE-2017-13754 | medium | 5.4 | 6.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2017-9767 | medium | 5.4 | 6.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter … | |||
| CVE-2017-1190 | medium | 6.4 | 6.4 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an… | |||
| CVE-2017-10224 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Inventory and Count Cycle). Supported versions that are affected are 8.5.1 and… | |||
| CVE-2017-10076 | medium | 6.4 | 6.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony First Edition Venue Management component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 3.9. Easil… | |||
| CVE-2017-10046 | medium | 5.4 | 6.4 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-3750 | medium | 6.4 | 6.4 | 9y ago | On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation… | |||
| CVE-2017-3749 | medium | 6.4 | 6.4 | 9y ago | On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in … | |||
| CVE-2017-8550 | medium | 5.4 | 6.4 | 9y ago | A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | |||
| CVE-2017-9516 | medium | 5.4 | 6.4 | 9y ago | Craft CMS XSS Vulnerability | |||
| CVE-2017-7953 | medium | 5.4 | 6.4 | 9y ago | INFOR EAM V11.0 Build 201410 has XSS via comment fields. | |||
| CVE-2017-8831 | medium | 6.4 | 6.4 | 9y ago | The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly hav… | |||
| CVE-2017-3586 | medium | 6.4 | 6.4 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java | |||
| CVE-2017-3528 | medium | 5.4 | 6.4 | 9y ago | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.… | |||
| CVE-2017-6606 | medium | 6.4 | 6.4 | 9y ago | A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operat… | |||
| CVE-2017-0883 | medium | 6.4 | 6.4 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary … | |||
| CVE-2017-6340 | medium | 5.4 | 6.4 | 9y ago | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J… | |||
| CVE-2017-7306 | medium | 6.4 | 6.4 | 9y ago | Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging kn… | |||
| CVE-2017-11906 | medium | 5.3 | 6.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv… | |||
| CVE-2017-12155 | medium | 6.3 | 6.3 | 9y ago | Openstack tripleo-heat-templates unauthenticated file access | |||
| CVE-2017-12335 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation… | |||
| CVE-2017-12330 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation… | |||
| CVE-2017-12329 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vuln… | |||
| CVE-2017-15102 | medium | 6.3 | 6.3 | 9y ago | The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by… | |||
| CVE-2017-15270 | medium | 5.3 | 6.3 | 9y ago | The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface… |