CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2515 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2514 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-9080 | high | 8.8 | 9.8 | 9y ago | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||
| CVE-2017-6048 | high | 8.8 | 9.8 | 9y ago | A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an… | |||
| CVE-2017-7952 | high | 8.8 | 9.8 | 9y ago | INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | |||
| CVE-2017-8928 | high | 8.8 | 9.8 | 9y ago | mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | |||
| CVE-2017-3068 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-7981 | high | 8.8 | 9.8 | 9y ago | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before … | |||
| CVE-2017-1274 | high | 8.8 | 9.8 | 9y ago | IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… | |||
| CVE-2017-7221 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by levera… | |||
| CVE-2017-3576 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3563 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3561 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-7852 | high | 8.8 | 9.8 | 9y ago | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the … | |||
| CVE-2017-7692 | high | 8.8 | 9.8 | 9y ago | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit … | |||
| CVE-2017-7615 | high | 8.8 | 9.8 | 9y ago | MantisBT allows arbitrary password reset | |||
| CVE-2017-3006 | high | 8.8 | 9.8 | 9y ago | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||
| CVE-2017-7447 | high | 8.8 | 9.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | |||
| CVE-2017-7446 | high | 8.8 | 9.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | |||
| CVE-2017-7398 | high | 8.8 | 9.8 | 9y ago | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i… | |||
| CVE-2017-2476 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2471 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-… | |||
| CVE-2017-2470 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2469 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2468 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2466 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2464 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2460 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2459 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2457 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr… | |||
| CVE-2017-2455 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2454 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2446 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-5671 | high | 8.8 | 9.8 | 9y ago | Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic… | |||
| CVE-2017-6087 | high | 8.8 | 9.8 | 9y ago | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3… | |||
| CVE-2017-5869 | high | 8.8 | 9.8 | 9y ago | Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in … | |||
| CVE-2017-6971 | high | 8.8 | 9.8 | 9y ago | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving t… | |||
| CVE-2017-6803 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication… | |||
| CVE-2017-7178 | high | 8.8 | 9.8 | 9y ago | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus… | |||
| CVE-2017-0090 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0089 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0088 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote… | |||
| CVE-2017-0087 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0086 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0084 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0083 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0072 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-6366 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that pe… | |||
| CVE-2017-6896 | high | 8.8 | 9.8 | 9y ago | Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session… | |||
| CVE-2017-6398 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … | |||
| CVE-2017-6823 | high | 8.8 | 9.8 | 9y ago | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | |||
| CVE-2017-6529 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. | |||
| CVE-2017-6549 | high | 8.8 | 9.8 | 9y ago | Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B… | |||
| CVE-2017-6411 | high | 8.8 | 9.8 | 9y ago | Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||
| CVE-2017-2373 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2369 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2362 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2992 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2988 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code executi… | |||
| CVE-2017-2986 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2985 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-5180 | high | 8.8 | 9.8 | 9y ago | Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users … | |||
| CVE-2017-3807 | high | 8.8 | 9.8 | 9y ago | A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause… | |||
| CVE-2017-3823 | high | 8.8 | 9.8 | 10y ago | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug… | |||
| CVE-2017-5473 | high | 8.8 | 9.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user… | |||
| CVE-2017-2935 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitra… | |||
| CVE-2017-2934 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-2933 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2932 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2931 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2930 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead … | |||
| CVE-2017-15644 | high | 8.6 | 9.6 | 9y ago | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||
| CVE-2017-3558 | high | 8.5 | 9.5 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3587 | high | 8.4 | 9.4 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "explo… | |||
| CVE-2017-6970 | high | 8.4 | 9.4 | 9y ago | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | |||
| CVE-2017-3316 | high | 8.4 | 9.4 | 10y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo… | |||
| CVE-2017-11322 | high | 8.2 | 9.2 | 9y ago | The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | |||
| CVE-2017-10246 | high | 8.2 | 9.2 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. … | |||
| CVE-2017-7228 | high | 8.2 | 9.2 | 9y ago | An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al… | |||
| CVE-2017-16929 | high | 8.1 | 9.1 | 9y ago | The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re… | |||
| CVE-2017-13872 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain a… | |||
| CVE-2017-15806 | high | 8.1 | 9.1 | 9y ago | Zeta Components Mail Arbitrary code execution via a crafted email address | |||
| CVE-2017-7115 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrar… | |||
| CVE-2017-14084 | high | 8.1 | 9.1 | 9y ago | A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | |||
| CVE-2017-8841 | high | 8.1 | 9.1 | 9y ago | Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology … | |||
| CVE-2017-2447 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-6412 | high | 8.1 | 9.1 | 9y ago | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | |||
| CVE-2017-6528 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). | |||
| CVE-2017-6351 | high | 8.1 | 9.1 | 9y ago | The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device u… | |||
| CVE-2017-18078 | high | — | 9.0 | — | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass… | |||
| CVE-2017-9411 | high | — | 9.0 | — | multiple issues in lame | |||
| CVE-2017-5123 | high | — | 9.0 | — | Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. | |||
| CVE-2017-9410 | high | — | 9.0 | — | multiple issues in lame | |||
| CVE-2017-5715 | high | — | 9.0 | 4y ago | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel a… | |||
| CVE-2017-5262 | high | 8.0 | 9.0 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | |||
| CVE-2017-13129 | high | 8.0 | 9.0 | 9y ago | Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators … | |||
| CVE-2017-1000251 | high | 8.0 | 9.0 | 9y ago | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing … | |||
| CVE-2017-7571 | high | 8.0 | 9.0 | 9y ago | public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | |||
| CVE-2017-5633 | high | 8.0 | 9.0 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (… | |||
| CVE-2017-3575 | high | 7.9 | 8.9 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… |