CVEs from 2017
- Total: 11,613
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0270 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0269 | medium | 5.9 | 5.9 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID… | |||
| CVE-2017-0268 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0267 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0171 | medium | 5.9 | 5.9 | 9y ago | Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer versio… | |||
| CVE-2017-8851 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact… | |||
| CVE-2017-8850 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers c… | |||
| CVE-2017-5948 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check tha… | |||
| CVE-2017-6137 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclo… | |||
| CVE-2017-6024 | medium | 5.9 | 5.9 | 9y ago | A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28… | |||
| CVE-2017-8060 | medium | 5.9 | 5.9 | 9y ago | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during… | |||
| CVE-2017-8058 | medium | 5.9 | 5.9 | 9y ago | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent du… | |||
| CVE-2017-5919 | medium | 5.9 | 5.9 | 9y ago | The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra… | |||
| CVE-2017-5918 | medium | 5.9 | 5.9 | 9y ago | The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a… | |||
| CVE-2017-5916 | medium | 5.9 | 5.9 | 9y ago | The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2017-5915 | medium | 5.9 | 5.9 | 9y ago | The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middl… | |||
| CVE-2017-5914 | medium | 5.9 | 5.9 | 9y ago | The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… | |||
| CVE-2017-5913 | medium | 5.9 | 5.9 | 9y ago | The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a … | |||
| CVE-2017-5912 | medium | 5.9 | 5.9 | 9y ago | The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2017-5911 | medium | 5.9 | 5.9 | 9y ago | The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv… | |||
| CVE-2017-5909 | medium | 5.9 | 5.9 | 9y ago | The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2017-5907 | medium | 5.9 | 5.9 | 9y ago | The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2017-5906 | medium | 5.9 | 5.9 | 9y ago | The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an… | |||
| CVE-2017-5905 | medium | 5.9 | 5.9 | 9y ago | The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted … | |||
| CVE-2017-5902 | medium | 5.9 | 5.9 | 9y ago | The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific… | |||
| CVE-2017-5901 | medium | 5.9 | 5.9 | 9y ago | The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor… | |||
| CVE-2017-3213 | medium | 5.9 | 5.9 | 9y ago | The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2017-3212 | medium | 5.9 | 5.9 | 9y ago | The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2017-3732 | medium | 5.9 | 5.9 | 9y ago | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks agai… | |||
| CVE-2017-2110 | medium | 5.9 | 5.9 | 9y ago | The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sen… | |||
| CVE-2017-2105 | medium | 5.9 | 5.9 | 9y ago | The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte… | |||
| CVE-2017-2104 | medium | 5.9 | 5.9 | 9y ago | The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2017-2103 | medium | 5.9 | 5.9 | 9y ago | The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c… | |||
| CVE-2017-3594 | medium | 5.9 | 5.9 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-3526 | medium | 5.9 | 5.9 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8… | |||
| CVE-2017-7461 | medium | 4.9 | 5.9 | 9y ago | Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a v… | |||
| CVE-2017-3887 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of servic… | |||
| CVE-2017-3885 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of servi… | |||
| CVE-2017-2448 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows … | |||
| CVE-2017-2412 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data… | |||
| CVE-2017-5622 | medium | 5.9 | 5.9 | 9y ago | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open … | |||
| CVE-2017-6507 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have … | |||
| CVE-2017-3850 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated,… | |||
| CVE-2017-0016 | medium | 5.9 | 5.9 | 9y ago | Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allow… | |||
| CVE-2017-5831 | medium | 5.9 | 5.9 | 9y ago | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | |||
| CVE-2017-6344 | medium | 5.9 | 5.9 | 9y ago | XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | |||
| CVE-2017-6341 | medium | 5.9 | 5.9 | 9y ago | Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to … | |||
| CVE-2017-6297 | medium | 5.9 | 5.9 | 9y ago | The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain… | |||
| CVE-2017-5163 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, whi… | |||
| CVE-2017-3896 | medium | 5.9 | 5.9 | 9y ago | Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters v… | |||
| CVE-2017-5858 | medium | 5.9 | 5.9 | 9y ago | User Impersonation in converse.js | |||
| CVE-2017-5606 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5605 | medium | 5.9 | 5.9 | 9y ago | XMPP Clients User Impersonation Vulnerability in Movim Moxl | |||
| CVE-2017-5604 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5603 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5602 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5593 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5592 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5591 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5590 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5589 | medium | 5.9 | 5.9 | 9y ago | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This… | |||
| CVE-2017-5933 | medium | 5.9 | 5.9 | 9y ago | Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for rem… | |||
| CVE-2017-3242 | medium | 5.9 | 5.9 | 10y ago | Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable v… | |||
| CVE-2017-5544 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly… | |||
| CVE-2017-12353 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypa… | |||
| CVE-2017-12328 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition b… | |||
| CVE-2017-12311 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it rec… | |||
| CVE-2017-12300 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message… | |||
| CVE-2017-14618 | medium | 4.8 | 5.8 | 9y ago | Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | |||
| CVE-2017-12218 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, re… | |||
| CVE-2017-10173 | medium | 5.8 | 5.8 | 9y ago | Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 … | |||
| CVE-2017-10148 | medium | 5.8 | 5.8 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. … | |||
| CVE-2017-3865 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunn… | |||
| CVE-2017-6620 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management A… | |||
| CVE-2017-6613 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead t… | |||
| CVE-2017-0191 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objec… | |||
| CVE-2017-0186 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fa… | |||
| CVE-2017-0185 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fa… | |||
| CVE-2017-0183 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server… | |||
| CVE-2017-0182 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server… | |||
| CVE-2017-0179 | medium | 5.8 | 5.8 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from … | |||
| CVE-2017-0168 | medium | 5.8 | 5.8 | 9y ago | An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 20… | |||
| CVE-2017-7200 | medium | 5.8 | 5.8 | 9y ago | OpenStack Glance Server-Side Request Forgery (SSRF) | |||
| CVE-2017-3870 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. A… | |||
| CVE-2017-3827 | medium | 5.8 | 5.8 | 9y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth… | |||
| CVE-2017-3818 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypa… | |||
| CVE-2017-3814 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More I… | |||
| CVE-2017-3809 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule ba… | |||
| CVE-2017-3255 | medium | 5.8 | 5.8 | 10y ago | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1… | |||
| CVE-2017-3252 | medium | 5.8 | 5.8 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8… | |||
| CVE-2017-3800 | medium | 5.8 | 5.8 | 10y ago | A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or cont… | |||
| CVE-2017-15532 | medium | 5.7 | 5.7 | 9y ago | Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stor… | |||
| CVE-2017-12351 | medium | 5.7 | 5.7 | 9y ago | A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An atta… | |||
| CVE-2017-12339 | medium | 5.7 | 5.7 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation… | |||
| CVE-2017-11831 | medium | 4.7 | 5.7 | 9y ago | Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Serv… | |||
| CVE-2017-5201 | medium | 5.7 | 5.7 | 9y ago | NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability tha… | |||
| CVE-2017-13683 | medium | 5.7 | 5.7 | 9y ago | In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that … | |||
| CVE-2017-13682 | medium | 5.7 | 5.7 | 9y ago | In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way th… | |||
| CVE-2017-14937 | medium | 4.7 | 5.7 | 9y ago | The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control unit… | |||
| CVE-2017-10389 | medium | 5.7 | 5.7 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnera… |