CVEs from 2017
- Total: 11,979
- critical: 1,647
- high: 5,043
- medium: 4,165
- low: 159
- % Critical: 13.7%
- % with KEV: 0.7%
- % with exploit: 0.7%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 490
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-10370 | medium | 6.9 | 6.9 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vu… | |
| CVE-2017-10058 | medium | 6.9 | 6.9 | 9y ago | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.… | |
| CVE-2017-17982 | medium | 6.8 | 6.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |
| CVE-2017-17830 | medium | 6.8 | 6.8 | 9y ago | Bus Booking Script has CSRF via admin/new_master.php. | |
| CVE-2017-17746 | medium | 6.8 | 6.8 | 9y ago | Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authenticati… | |
| CVE-2017-12342 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vuln… | |
| CVE-2017-8206 | medium | 6.8 | 6.8 | 9y ago | HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use ap… | |
| CVE-2017-8166 | medium | 6.8 | 6.8 | 9y ago | Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use app… | |
| CVE-2017-8156 | medium | 6.8 | 6.8 | 9y ago | The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit boar… | |
| CVE-2017-8151 | medium | 6.8 | 6.8 | 9y ago | Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's … | |
| CVE-2017-2703 | medium | 6.8 | 6.8 | 9y ago | Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier be… | |
| CVE-2017-2702 | medium | 6.8 | 6.8 | 9y ago | Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. | |
| CVE-2017-2691 | medium | 6.8 | 6.8 | 9y ago | Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass … | |
| CVE-2017-15527 | medium | 6.8 | 6.8 | 9y ago | Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / s… | |
| CVE-2017-11400 | medium | 6.8 | 6.8 | 9y ago | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file s… | |
| CVE-2017-15526 | medium | 6.8 | 6.8 | 9y ago | Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scena… | |
| CVE-2017-16534 | medium | 6.8 | 6.8 | 9y ago | The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly hav… | |
| CVE-2017-1000147 | medium | 6.8 | 6.8 | 9y ago | Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. … | |
| CVE-2017-10274 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability… | |
| CVE-2017-13086 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decry… | |
| CVE-2017-13084 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, … | |
| CVE-2017-13077 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, dec… | |
| CVE-2017-12732 | medium | 6.8 | 6.8 | 9y ago | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allow… | |
| CVE-2017-12239 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical … | |
| CVE-2017-10814 | medium | 6.8 | 6.8 | 9y ago | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | |
| CVE-2017-10813 | medium | 6.8 | 6.8 | 9y ago | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |
| CVE-2017-8628 | medium | 6.8 | 6.8 | 9y ago | Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation … | |
| CVE-2017-10811 | medium | 6.8 | 6.8 | 9y ago | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |
| CVE-2017-6790 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) … | |
| CVE-2017-3753 | medium | 6.8 | 6.8 | 9y ago | A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with ad… | |
| CVE-2017-8623 | medium | 6.8 | 6.8 | 9y ago | Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system,… | |
| CVE-2017-10198 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde… | |
| CVE-2017-10181 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Forgot Password). Supported versions that are affected are 12.0.2 and 12.0.3. Ea… | |
| CVE-2017-10039 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerab… | |
| CVE-2017-2282 | medium | 6.8 | 6.8 | 9y ago | Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | |
| CVE-2017-9497 | medium | 6.8 | 6.8 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics… | |
| CVE-2017-9496 | medium | 6.8 | 6.8 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port… | |
| CVE-2017-0706 | medium | 6.8 | 6.8 | 9y ago | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532. | |
| CVE-2017-0705 | medium | 6.8 | 6.8 | 9y ago | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898. | |
| CVE-2017-10709 | medium | 6.8 | 6.8 | 9y ago | The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | |
| CVE-2017-9832 | medium | 6.8 | 6.8 | 9y ago | An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe rem… | |
| CVE-2017-9831 | medium | 6.8 | 6.8 | 9y ago | An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds … | |
| CVE-2017-7918 | medium | 6.8 | 6.8 | 9y ago | An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u… | |
| CVE-2017-5646 | medium | 6.8 | 6.8 | 9y ago | Apache Knox allows impersonation of users | |
| CVE-2017-8879 | medium | 6.8 | 6.8 | 9y ago | Dolibarr allows password changes without supplying the current password | |
| CVE-2017-6628 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of s… | |
| CVE-2017-8371 | medium | 6.8 | 6.8 | 9y ago | Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |
| CVE-2017-2152 | medium | 6.8 | 6.8 | 9y ago | WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |
| CVE-2017-3485 | medium | 6.8 | 6.8 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |
| CVE-2017-6975 | medium | 6.8 | 6.8 | 9y ago | Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from… | |
| CVE-2017-7307 | medium | 6.8 | 6.8 | 9y ago | Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by… | |
| CVE-2017-3824 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of… | |
| CVE-2017-3812 | medium | 6.8 | 6.8 | 9y ago | A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a de… | |
| CVE-2017-14380 | medium | 6.7 | 6.7 | 9y ago | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_… | |
| CVE-2017-15870 | medium | 6.7 | 6.7 | 9y ago | Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | |
| CVE-2017-12352 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated pri… | |
| CVE-2017-12341 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to… | |
| CVE-2017-12334 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to… | |
| CVE-2017-12333 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX… | |
| CVE-2017-12331 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX… | |
| CVE-2017-8190 | medium | 6.7 | 6.7 | 9y ago | FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high pri… | |
| CVE-2017-2723 | medium | 6.7 | 6.7 | 9y ago | The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system c… | |
| CVE-2017-12172 | medium | 6.7 | 6.7 | 9y ago | PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database su… | |
| CVE-2017-12313 | medium | 6.7 | 6.7 | 9y ago | An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking i… | |
| CVE-2017-12312 | medium | 6.7 | 6.7 | 9y ago | An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a lo… | |
| CVE-2017-12305 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability i… | |
| CVE-2017-14331 | medium | 6.7 | 6.7 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell. | |
| CVE-2017-14330 | medium | 6.7 | 6.7 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | |
| CVE-2017-14329 | medium | 6.7 | 6.7 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | |
| CVE-2017-12317 | medium | 6.7 | 6.7 | 9y ago | The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static … | |
| CVE-2017-15651 | medium | 6.7 | 6.7 | 9y ago | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. | |
| CVE-2017-14019 | medium | 6.7 | 6.7 | 9y ago | An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authori… | |
| CVE-2017-12301 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying opera… | |
| CVE-2017-11823 | medium | 6.7 | 6.7 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso… | |
| CVE-2017-3763 | medium | 6.7 | 6.7 | 9y ago | An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | |
| CVE-2017-12255 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands enter… | |
| CVE-2017-1508 | medium | 6.7 | 6.7 | 9y ago | IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. | |
| CVE-2017-1439 | medium | 6.7 | 6.7 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | |
| CVE-2017-1438 | medium | 6.7 | 6.7 | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. | |
| CVE-2017-6796 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrar… | |
| CVE-2017-6794 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker m… | |
| CVE-2017-6773 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions a… | |
| CVE-2017-10235 | medium | 6.7 | 6.7 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |
| CVE-2017-10004 | medium | 6.7 | 6.7 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high pr… | |
| CVE-2017-6748 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must… | |
| CVE-2017-9457 | medium | 6.7 | 6.7 | 9y ago | Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrat… | |
| CVE-2017-3754 | medium | 6.7 | 6.7 | 9y ago | Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to… | |
| CVE-2017-6735 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Informatio… | |
| CVE-2017-6732 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd4734… | |
| CVE-2017-6719 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection… | |
| CVE-2017-6718 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.… | |
| CVE-2017-9525 | medium | 6.7 | 6.7 | 9y ago | In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks aga… | |
| CVE-2017-8083 | medium | 6.7 | 6.7 | 9y ago | CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a … | |
| CVE-2017-5688 | medium | 6.7 | 6.7 | 9y ago | There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. | |
| CVE-2017-5965 | medium | 6.7 | 6.7 | 9y ago | The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, v… | |
| CVE-2017-0244 | medium | 6.7 | 6.7 | 9y ago | The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause d… | |
| CVE-2017-4983 | medium | 6.7 | 6.7 | 9y ago | EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected … | |
| CVE-2017-5873 | medium | 6.7 | 6.7 | 9y ago | Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, … | |
| CVE-2017-6598 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security … | |
| CVE-2017-6417 | medium | 6.7 | 6.7 | 9y ago | Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and ear… |