CVEs from 2017

- Total: 11,693
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 1.8%

Top vendors

Top products

- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-2539 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |
| CVE-2017-2538 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |
| CVE-2017-2536 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… |
| CVE-2017-2531 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… |
| CVE-2017-2530 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The iss… |
| CVE-2017-2526 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |
| CVE-2017-2525 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… |
| CVE-2017-2521 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… |
| CVE-2017-2515 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… |
| CVE-2017-2514 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |
| CVE-2017-2506 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |
| CVE-2017-2505 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… |
| CVE-2017-2496 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… |
| CVE-2017-6634 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF… |
| CVE-2017-9135 | high | 8.8 | 8.8 | 9y ago | An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are … |
| CVE-2017-9133 | high | 8.8 | 8.8 | 9y ago | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other ho… |
| CVE-2017-9115 | high | 8.8 | 8.8 | 9y ago | In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. |
| CVE-2017-9113 | high | 8.8 | 8.8 | 9y ago | In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. |
| CVE-2017-9111 | high | 8.8 | 8.8 | 9y ago | OpenEXR invalid write |
| CVE-2017-9100 | high | 8.8 | 8.8 | 9y ago | login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. |
| CVE-2017-9078 | high | 8.8 | 8.8 | 9y ago | The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. |
| CVE-2017-9069 | high | 8.8 | 8.8 | 9y ago | MODX Revolution allows overwriting .htaccess |
| CVE-2017-9064 | high | 8.8 | 8.8 | 9y ago | In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. |
| CVE-2017-7662 | high | 8.8 | 8.8 | 9y ago | Cross-Site Request Forgery in Apache CXF Fediz |
| CVE-2017-7661 | high | 8.8 | 8.8 | 9y ago | Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2 |
| CVE-2017-7952 | high | 8.8 | 8.8 | 9y ago | INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. |
| CVE-2017-8930 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administ… |
| CVE-2017-8928 | high | 8.8 | 8.8 | 9y ago | mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. |
| CVE-2017-8905 | high | 8.8 | 8.8 | 9y ago | Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. |
| CVE-2017-8904 | high | 8.8 | 8.8 | 9y ago | Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the… |
| CVE-2017-8903 | high | 8.8 | 8.8 | 9y ago | Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. |
| CVE-2017-4895 | high | 8.8 | 8.8 | 9y ago | Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access… |
| CVE-2017-8874 | high | 8.8 | 8.8 | 9y ago | Mautic Cross-Site Request Forgery (CSRF) |
| CVE-2017-5891 | high | 8.8 | 8.8 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. |
| CVE-2017-3074 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3073 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploi… |
| CVE-2017-3072 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3071 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3070 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3069 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3068 | high | 8.8 | 8.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execut… |
| CVE-2017-5029 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium |
| CVE-2017-7923 | high | 8.8 | 8.8 | 9y ago | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS… |
| CVE-2017-7911 | high | 8.8 | 8.8 | 9y ago | A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. |
| CVE-2017-6031 | high | 8.8 | 8.8 | 9y ago | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may al… |
| CVE-2017-1156 | high | 8.8 | 8.8 | 9y ago | IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attac… |
| CVE-2017-8793 | high | 8.8 | 8.8 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the … |
| CVE-2017-8080 | high | 8.8 | 8.8 | 9y ago | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. |
| CVE-2017-6557 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-8787 | high | 8.8 | 8.8 | 9y ago | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer o… |
| CVE-2017-5481 | high | 8.8 | 8.8 | 9y ago | Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. |
| CVE-2017-8454 | high | 8.8 | 8.8 | 9y ago | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in … |
| CVE-2017-8453 | high | 8.8 | 8.8 | 9y ago | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in … |
| CVE-2017-7431 | high | 8.8 | 8.8 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. |
| CVE-2017-8403 | high | 8.8 | 8.8 | 9y ago | 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a… |
| CVE-2017-8400 | high | 8.8 | 8.8 | 9y ago | In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attack… |
| CVE-2017-6565 | high | 8.8 | 8.8 | 9y ago | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service.… |
| CVE-2017-8377 | high | 8.8 | 8.8 | 9y ago | GeniXCMS SQL Injection |
| CVE-2017-8361 | high | 8.8 | 8.8 | 9y ago | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via… |
| CVE-2017-8081 | high | 8.8 | 8.8 | 9y ago | Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via ca… |
| CVE-2017-8326 | high | 8.8 | 8.8 | 9y ago | libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (applica… |
| CVE-2017-8325 | high | 8.8 | 8.8 | 9y ago | The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and … |
| CVE-2017-8114 | high | 8.8 | 8.8 | 9y ago | Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly rest… |
| CVE-2017-7981 | high | 8.8 | 8.8 | 9y ago | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before … |
| CVE-2017-6250 | high | 8.8 | 8.8 | 9y ago | NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. |
| CVE-2017-1194 | high | 8.8 | 8.8 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user… |
| CVE-2017-2155 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. |
| CVE-2017-2149 | high | 8.8 | 8.8 | 9y ago | Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded w… |
| CVE-2017-2140 | high | 8.8 | 8.8 | 9y ago | Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. |
| CVE-2017-2128 | high | 8.8 | 8.8 | 9y ago | Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. |
| CVE-2017-2125 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. |
| CVE-2017-2113 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmwar… |
| CVE-2017-2112 | high | 8.8 | 8.8 | 9y ago | TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and … |
| CVE-2017-2102 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of admini… |
| CVE-2017-2097 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2017-6037 | high | 8.8 | 8.8 | 9y ago | A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run… |
| CVE-2017-6035 | high | 8.8 | 8.8 | 9y ago | A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when… |
| CVE-2017-1274 | high | 8.8 | 8.8 | 9y ago | IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… |
| CVE-2017-7221 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by levera… |
| CVE-2017-5051 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… |
| CVE-2017-5050 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… |
| CVE-2017-5049 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… |
| CVE-2017-5048 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… |
| CVE-2017-5047 | high | 8.8 | 8.8 | 9y ago | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a… |
| CVE-2017-5043 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium |
| CVE-2017-5034 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium |
| CVE-2017-5032 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium |
| CVE-2017-5031 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium |
| CVE-2017-3622 | high | 7.8 | 8.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulner… |
| CVE-2017-3578 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Easily "explo… |
| CVE-2017-3576 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… |
| CVE-2017-3563 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… |
| CVE-2017-3561 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… |
| CVE-2017-8101 | high | 8.8 | 8.8 | 9y ago | There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. |
| CVE-2017-2332 | high | 8.8 | 8.8 | 9y ago | An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker … |
| CVE-2017-7852 | high | 8.8 | 8.8 | 9y ago | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the … |
| CVE-2017-7951 | high | 8.8 | 8.8 | 9y ago | WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. |
| CVE-2017-7220 | high | 8.8 | 8.8 | 9y ago | OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "… |
| CVE-2017-7990 | high | 8.8 | 8.8 | 9y ago | The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageRepor… |
| CVE-2017-6619 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vul… |