CVEs from 2017
- Total: 11,979
- Critical: 1,647
- High: 5,043
- Medium: 4,165
- Low: 159
- % Critical: 13.7%
- % with KEV: 0.7%
- % with exploit: 0.7%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 490
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-5686 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow an attacker with physical access to the system to gain access to personal information. | |
| CVE-2017-5685 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow an attacker with physical access to the system to gain access to personal information. | |
| CVE-2017-5684 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | |
| CVE-2017-9369 | low | 3.8 | 3.8 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to g… | |
| CVE-2017-3892 | low | 3.8 | 3.8 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating t… | |
| CVE-2017-10365 | low | 3.8 | 3.8 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high p… | |
| CVE-2017-4896 | low | 3.8 | 3.8 | 9y ago | Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthoriz… | |
| CVE-2017-7995 | low | 3.8 | 3.8 | 9y ago | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in th… | |
| CVE-2017-20200 | low | 3.7 | 3.7 | 8mo ago | A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launch… | |
| CVE-2017-15321 | low | 3.7 | 3.7 | 9y ago | Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets tran… | |
| CVE-2017-1497 | low | 3.7 | 3.7 | 9y ago | IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |
| CVE-2017-1355 | low | 3.7 | 3.7 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, … | |
| CVE-2017-1341 | low | 3.7 | 3.7 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. | |
| CVE-2017-17433 | low | 3.7 | 3.7 | 9y ago | The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_f… | |
| CVE-2017-8822 | low | 3.7 | 3.7 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick th… | |
| CVE-2017-15528 | low | 3.7 | 3.7 | 9y ago | Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pu… | |
| CVE-2017-1228 | low | 3.7 | 3.7 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An a… | |
| CVE-2017-7084 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in o… | |
| CVE-2017-10341 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to… | |
| CVE-2017-10166 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult… | |
| CVE-2017-14595 | low | 3.7 | 3.7 | 9y ago | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | |
| CVE-2017-10856 | low | 3.7 | 3.7 | 9y ago | SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially … | |
| CVE-2017-1520 | low | 3.7 | 3.7 | 9y ago | IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |
| CVE-2017-3650 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticat… | |
| CVE-2017-2137 | low | 3.7 | 3.7 | 9y ago | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | |
| CVE-2017-3544 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed… | |
| CVE-2017-3533 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed… | |
| CVE-2017-3469 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulne… | |
| CVE-2017-3467 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unaut… | |
| CVE-2017-0159 | low | 3.7 | 3.7 | 9y ago | A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, ak… | |
| CVE-2017-5865 | low | 3.7 | 3.7 | 9y ago | The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is v… | |
| CVE-2017-5928 | low | 3.7 | 3.7 | 9y ago | The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the http… | |
| CVE-2017-3323 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. … | |
| CVE-2017-3322 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and .… | |
| CVE-2017-3321 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Di… | |
| CVE-2017-3259 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allow… | |
| CVE-2017-1353 | low | 3.5 | 3.5 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 12668… | |
| CVE-2017-2730 | low | 3.5 | 3.5 | 9y ago | HUAWEI HiLink APP (for IOS) versions before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions before 5.0.0 have an information leak vulnerability. When an iPhone with these AP… | |
| CVE-2017-10308 | low | 3.5 | 3.5 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnera… | |
| CVE-2017-10014 | low | 3.5 | 3.5 | 9y ago | Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vul… | |
| CVE-2017-5244 | low | 3.5 | 3.5 | 9y ago | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of t… | |
| CVE-2017-2161 | low | 3.5 | 3.5 | 9y ago | FlashAir™ SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAir™ SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access re… | |
| CVE-2017-9139 | low | 3.5 | 3.5 | 9y ago | There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (… | |
| CVE-2017-0895 | low | 3.5 | 3.5 | 9y ago | Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been… | |
| CVE-2017-0892 | low | 3.5 | 3.5 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application-specific password without files-access permission to access the user's files. | |
| CVE-2017-5607 | low | 3.5 | 3.5 | 9y ago | Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a… | |
| CVE-2017-3235 | low | 3.5 | 3.5 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |
| CVE-2017-10088 | low | 3.4 | 3.4 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |
| CVE-2017-9856 | low | 3.4 | 3.4 | 9y ago | An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption alg… | |
| CVE-2017-3590 | low | 3.3 | 3.3 | 4y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows… | |
| CVE-2017-17864 | low | 3.3 | 3.3 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentia… | |
| CVE-2017-17807 | low | 3.3 | 3.3 | 9y ago | The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing … | |
| CVE-2017-1270 | low | 3.3 | 3.3 | 9y ago | IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cooki… | |
| CVE-2017-1261 | low | 3.3 | 3.3 | 9y ago | IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | |
| CVE-2017-15530 | low | 3.3 | 3.3 | 9y ago | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first… | |
| CVE-2017-1716 | low | 3.3 | 3.3 | 9y ago | IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. | |
| CVE-2017-2701 | low | 3.3 | 3.3 | 9y ago | Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting… | |
| CVE-2017-2694 | low | 3.3 | 3.3 | 9y ago | The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious appl… | |
| CVE-2017-1088 | low | 3.3 | 3.3 | 9y ago | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure befo… | |
| CVE-2017-1086 | low | 3.3 | 3.3 | 9y ago | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any… | |
| CVE-2017-13852 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the … | |
| CVE-2017-13801 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is us… | |
| CVE-2017-1000242 | low | 3.3 | 3.3 | 9y ago | Insecure temporary file usage in Jenkins Git Client Plugin | |
| CVE-2017-5084 | low | 3.3 | 3.3 | 9y ago | Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. | |
| CVE-2017-5081 | low | 3.3 | 3.3 | 9y ago | Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to m… | |
| CVE-2017-15096 | low | 3.3 | 3.3 | 9y ago | A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. | |
| CVE-2017-7148 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a… | |
| CVE-2017-7138 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer… | |
| CVE-2017-14772 | low | 3.3 | 3.3 | 9y ago | Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing… | |
| CVE-2017-8676 | low | 3.3 | 3.3 | 9y ago | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, … | |
| CVE-2017-1422 | low | 3.3 | 3.3 | 9y ago | IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. | |
| CVE-2017-10095 | low | 3.3 | 3.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticat… | |
| CVE-2017-1381 | low | 3.3 | 3.3 | 9y ago | IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then… | |
| CVE-2017-0709 | low | 3.3 | 3.3 | 9y ago | An information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048. | |
| CVE-2017-1176 | low | 3.3 | 3.3 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. | |
| CVE-2017-1125 | low | 3.3 | 3.3 | 9y ago | IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340. | |
| CVE-2017-3741 | low | 3.3 | 3.3 | 9y ago | In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbo… | |
| CVE-2017-8933 | low | 3.3 | 3.3 | 9y ago | Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | |
| CVE-2017-8418 | low | 3.3 | 3.3 | 9y ago | RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | |
| CVE-2017-3589 | low | 3.3 | 3.3 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java | |
| CVE-2017-3498 | low | 3.3 | 3.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privi… | |
| CVE-2017-3474 | low | 3.3 | 3.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privile… | |
| CVE-2017-2806 | low | 3.3 | 3.3 | 9y ago | An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory d… | |
| CVE-2017-3033 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data. | |
| CVE-2017-3032 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser. | |
| CVE-2017-3031 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine. | |
| CVE-2017-3029 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream. | |
| CVE-2017-3022 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file. | |
| CVE-2017-3021 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine. | |
| CVE-2017-3020 | low | 3.3 | 3.3 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module. | |
| CVE-2017-0188 | low | 3.3 | 3.3 | 9y ago | A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component imprope… | |
| CVE-2017-2426 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local f… | |
| CVE-2017-2404 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbe… | |
| CVE-2017-2384 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users… | |
| CVE-2017-5985 | low | 3.3 | 3.3 | 9y ago | lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ow… | |
| CVE-2017-2357 | low | 3.3 | 3.3 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout inf… | |
| CVE-2017-3301 | low | 3.3 | 3.3 | 10y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthentic… | |
| CVE-2017-3240 | low | 3.3 | 3.3 | 10y ago | Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Loc… | |
| CVE-2017-3239 | low | 3.3 | 3.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnera… | |
| CVE-2017-15897 | low | 3.1 | 3.1 | 9y ago | Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This… |