CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11200 | high | 8.8 | 8.8 | 9y ago | SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. | |||
| CVE-2017-11196 | high | 8.8 | 8.8 | 9y ago | Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malici… | |||
| CVE-2017-11193 | high | 8.8 | 8.8 | 9y ago | Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These … | |||
| CVE-2017-2820 | high | 8.8 | 8.8 | 9y ago | An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causi… | |||
| CVE-2017-2818 | high | 8.8 | 8.8 | 9y ago | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image … | |||
| CVE-2017-2814 | high | 8.8 | 8.8 | 9y ago | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred,… | |||
| CVE-2017-4057 | high | 8.8 | 8.8 | 9y ago | Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI te… | |||
| CVE-2017-4054 | high | 8.8 | 8.8 | 9y ago | Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted H… | |||
| CVE-2017-11176 | high | 7.8 | 8.8 | 9y ago | The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to … | |||
| CVE-2017-8590 | high | 8.8 | 8.8 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation… | |||
| CVE-2017-8569 | high | 8.8 | 8.8 | 9y ago | Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XS… | |||
| CVE-2017-11170 | high | 8.8 | 8.8 | 9y ago | The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | |||
| CVE-2017-8002 | high | 8.8 | 8.8 | 9y ago | EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about… | |||
| CVE-2017-11101 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. | |||
| CVE-2017-11100 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. | |||
| CVE-2017-11099 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. | |||
| CVE-2017-11098 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. | |||
| CVE-2017-11097 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. | |||
| CVE-2017-11096 | high | 8.8 | 8.8 | 9y ago | When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. | |||
| CVE-2017-2244 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2017-2238 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier … | |||
| CVE-2017-2223 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allo… | |||
| CVE-2017-2186 | high | 8.8 | 8.8 | 9y ago | HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. | |||
| CVE-2017-2185 | high | 8.8 | 8.8 | 9y ago | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | |||
| CVE-2017-2184 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. | |||
| CVE-2017-7404 | high | 8.8 | 8.8 | 9y ago | On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim… | |||
| CVE-2017-4998 | high | 8.8 | 8.8 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the… | |||
| CVE-2017-10971 | high | 8.8 | 8.8 | 9y ago | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of… | |||
| CVE-2017-6712 | high | 8.8 | 8.8 | 9y ago | A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vuln… | |||
| CVE-2017-9927 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation … | |||
| CVE-2017-9926 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation … | |||
| CVE-2017-9925 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting … | |||
| CVE-2017-9924 | high | 8.8 | 8.8 | 9y ago | In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00… | |||
| CVE-2017-10928 | high | 8.8 | 8.8 | 9y ago | In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified … | |||
| CVE-2017-10805 | high | 8.8 | 8.8 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OA… | |||
| CVE-2017-5944 | high | 8.8 | 8.8 | 9y ago | The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute a… | |||
| CVE-2017-5943 | high | 8.8 | 8.8 | 9y ago | Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens… | |||
| CVE-2017-6042 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify… | |||
| CVE-2017-10681 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | |||
| CVE-2017-10680 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted re… | |||
| CVE-2017-10678 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | |||
| CVE-2017-2850 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftp… | |||
| CVE-2017-2849 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during N… | |||
| CVE-2017-2848 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during m… | |||
| CVE-2017-2847 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during m… | |||
| CVE-2017-2846 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during m… | |||
| CVE-2017-2845 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-2844 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" con… | |||
| CVE-2017-5528 | high | 8.8 | 8.8 | 9y ago | Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of t… | |||
| CVE-2017-8558 | high | 7.8 | 8.8 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows S… | |||
| CVE-2017-9992 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote at… | |||
| CVE-2017-9990 | high | 8.8 | 8.8 | 9y ago | Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2017-2843 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" c… | |||
| CVE-2017-2842 | high | 8.8 | 8.8 | 9y ago | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" c… | |||
| CVE-2017-2841 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-9948 | high | 8.8 | 8.8 | 9y ago | A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. | |||
| CVE-2017-9935 | high | 8.8 | 8.8 | 9y ago | In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can… | |||
| CVE-2017-9872 | high | 7.8 | 8.8 | 9y ago | The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overfl… | |||
| CVE-2017-9840 | high | 8.8 | 8.8 | 9y ago | Dolibarr ERP and CRM Unsafe File Upload Vulnerability | |||
| CVE-2017-9846 | high | 8.8 | 8.8 | 9y ago | Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folde… | |||
| CVE-2017-1347 | high | 8.8 | 8.8 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |||
| CVE-2017-3629 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri… | |||
| CVE-2017-3219 | high | 8.8 | 8.8 | 9y ago | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||
| CVE-2017-3218 | high | 8.8 | 8.8 | 9y ago | Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||
| CVE-2017-9774 | high | 8.8 | 8.8 | 9y ago | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |||
| CVE-2017-2828 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-2827 | high | 8.8 | 8.8 | 9y ago | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request c… | |||
| CVE-2017-1000379 | high | 7.8 | 8.8 | 9y ago | The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Lin… | |||
| CVE-2017-1000371 | high | 7.8 | 8.8 | 9y ago | The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then t… | |||
| CVE-2017-1000370 | high | 7.8 | 8.8 | 9y ago | The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address… | |||
| CVE-2017-1000366 | high | 7.8 | 8.8 | 9y ago | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note… | |||
| CVE-2017-9759 | high | 8.8 | 8.8 | 9y ago | SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | |||
| CVE-2017-9756 | high | 7.8 | 8.8 | 9y ago | The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspe… | |||
| CVE-2017-9750 | high | 7.8 | 8.8 | 9y ago | opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly… | |||
| CVE-2017-9749 | high | 7.8 | 8.8 | 9y ago | The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via … | |||
| CVE-2017-9748 | high | 7.8 | 8.8 | 9y ago | The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buff… | |||
| CVE-2017-9747 | high | 7.8 | 8.8 | 9y ago | The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buf… | |||
| CVE-2017-9746 | high | 7.8 | 8.8 | 9y ago | The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact… | |||
| CVE-2017-9742 | high | 7.8 | 8.8 | 9y ago | The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other… | |||
| CVE-2017-8487 | high | 7.8 | 8.8 | 9y ago | Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerabil… | |||
| CVE-2017-8461 | high | 7.8 | 8.8 | 9y ago | Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a … | |||
| CVE-2017-9673 | high | 8.8 | 8.8 | 9y ago | In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. | |||
| CVE-2017-8528 | high | 8.8 | 8.8 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-8527 | high | 8.8 | 8.8 | 9y ago | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote… | |||
| CVE-2017-8512 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8510 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8509 | high | 8.8 | 8.8 | 9y ago | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique … | |||
| CVE-2017-8907 | high | 8.8 | 8.8 | 9y ago | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can… | |||
| CVE-2017-6692 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default A… | |||
| CVE-2017-6689 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Adminis… | |||
| CVE-2017-6688 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerabil… | |||
| CVE-2017-6687 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default cr… | |||
| CVE-2017-6686 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affecte… | |||
| CVE-2017-6685 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device,… | |||
| CVE-2017-6684 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulner… | |||
| CVE-2017-6683 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected syste… | |||
| CVE-2017-6682 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Inf… | |||
| CVE-2017-6659 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and … | |||
| CVE-2017-4973 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2017-4961 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum… |