CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7918 | medium | 6.8 | 7.8 | 9y ago | An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups u… | |||
| CVE-2017-11823 | medium | 6.7 | 7.7 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso… | |||
| CVE-2017-6516 | medium | 6.7 | 7.7 | 9y ago | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-… | |||
| CVE-2017-7154 | medium | 6.6 | 7.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows lo… | |||
| CVE-2017-11885 | medium | 6.6 | 7.6 | 9y ago | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709… | |||
| CVE-2017-7938 | medium | 6.6 | 7.6 | 9y ago | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |||
| CVE-2017-16787 | medium | 6.5 | 7.5 | 9y ago | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | |||
| CVE-2017-16353 | medium | 6.5 | 7.5 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p… | |||
| CVE-2017-15639 | medium | 6.5 | 7.5 | 9y ago | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | |||
| CVE-2017-15359 | medium | 6.5 | 7.5 | 9y ago | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInf… | |||
| CVE-2017-15084 | medium | 6.5 | 7.5 | 9y ago | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | |||
| CVE-2017-14841 | medium | 6.5 | 7.5 | 9y ago | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||
| CVE-2017-0785 | medium | 6.5 | 7.5 | 9y ago | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||
| CVE-2017-1130 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… | |||
| CVE-2017-1129 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… | |||
| CVE-2017-12954 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | |||
| CVE-2017-12953 | medium | 6.5 | 7.5 | 9y ago | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | |||
| CVE-2017-12952 | medium | 6.5 | 7.5 | 9y ago | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-12951 | medium | 6.5 | 7.5 | 9y ago | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft… | |||
| CVE-2017-12950 | medium | 6.5 | 7.5 | 9y ago | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |||
| CVE-2017-11664 | medium | 6.5 | 7.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-11663 | medium | 6.5 | 7.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||
| CVE-2017-8652 | medium | 6.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi… | |||
| CVE-2017-11356 | medium | 6.5 | 7.5 | 9y ago | The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by lever… | |||
| CVE-2017-11552 | medium | 6.5 | 7.5 | 9y ago | mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode… | |||
| CVE-2017-10803 | medium | 6.5 | 7.5 | 9y ago | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr… | |||
| CVE-2017-9936 | medium | 6.5 | 7.5 | 9y ago | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | |||
| CVE-2017-1000373 | medium | 6.5 | 7.5 | 9y ago | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allo… | |||
| CVE-2017-9128 | medium | 6.5 | 7.5 | 9y ago | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 … | |||
| CVE-2017-9127 | medium | 6.5 | 7.5 | 9y ago | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted … | |||
| CVE-2017-9126 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |||
| CVE-2017-9125 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |||
| CVE-2017-9124 | medium | 6.5 | 7.5 | 9y ago | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||
| CVE-2017-9123 | medium | 6.5 | 7.5 | 9y ago | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |||
| CVE-2017-9122 | medium | 6.5 | 7.5 | 9y ago | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||
| CVE-2017-8871 | medium | 6.5 | 7.5 | 9y ago | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | |||
| CVE-2017-9147 | medium | 6.5 | 7.5 | 9y ago | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||
| CVE-2017-4916 | medium | 6.5 | 7.5 | 9y ago | VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privilege… | |||
| CVE-2017-7620 | medium | 6.5 | 7.5 | 9y ago | MantisBT vulnerable to CSRF and Open Redirect attacks | |||
| CVE-2017-3548 | medium | 6.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "expl… | |||
| CVE-2017-3546 | medium | 6.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "… | |||
| CVE-2017-6339 | medium | 6.5 | 7.5 | 9y ago | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A… | |||
| CVE-2017-6338 | medium | 6.5 | 7.5 | 9y ago | Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit… | |||
| CVE-2017-2480 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2479 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tv… | |||
| CVE-2017-2442 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attacke… | |||
| CVE-2017-2367 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-0063 | medium | 6.5 | 7.5 | 9y ago | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT… | |||
| CVE-2017-2371 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. | |||
| CVE-2017-2365 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2364 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the… | |||
| CVE-2017-2363 | medium | 6.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve… | |||
| CVE-2017-1000367 | medium | 6.4 | 7.4 | 9y ago | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | |||
| CVE-2017-14016 | medium | 6.3 | 7.3 | 9y ago | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying… | |||
| CVE-2017-9640 | medium | 6.3 | 7.3 | 9y ago | A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC … | |||
| CVE-2017-17752 | medium | 6.1 | 7.1 | 9y ago | Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.… | |||
| CVE-2017-17649 | medium | 6.1 | 7.1 | 9y ago | Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | |||
| CVE-2017-17737 | medium | 6.1 | 7.1 | 9y ago | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | |||
| CVE-2017-16884 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | |||
| CVE-2017-16962 | medium | 6.1 | 7.1 | 9y ago | The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf… | |||
| CVE-2017-16841 | medium | 6.1 | 7.1 | 9y ago | LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | |||
| CVE-2017-16836 | medium | 6.1 | 7.1 | 9y ago | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||
| CVE-2017-15878 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting in keystone | |||
| CVE-2017-15687 | medium | 6.1 | 7.1 | 9y ago | DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | |||
| CVE-2017-7089 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all… | |||
| CVE-2017-15291 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi… | |||
| CVE-2017-15646 | medium | 6.1 | 7.1 | 9y ago | Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After set… | |||
| CVE-2017-15374 | medium | 6.1 | 7.1 | 9y ago | Shopware XSS Vulnerability | |||
| CVE-2017-15287 | medium | 6.1 | 7.1 | 9y ago | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||
| CVE-2017-14620 | medium | 6.1 | 7.1 | 9y ago | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||
| CVE-2017-14619 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | |||
| CVE-2017-3133 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | |||
| CVE-2017-3132 | medium | 6.1 | 7.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToke… | |||
| CVE-2017-14219 | medium | 6.1 | 7.1 | 9y ago | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu… | |||
| CVE-2017-14126 | medium | 6.1 | 7.1 | 9y ago | The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | |||
| CVE-2017-9979 | medium | 6.1 | 7.1 | 9y ago | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to… | |||
| CVE-2017-12971 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | |||
| CVE-2017-12984 | medium | 6.1 | 7.1 | 9y ago | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | |||
| CVE-2017-11320 | medium | 6.1 | 7.1 | 9y ago | Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | |||
| CVE-2017-11355 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) … | |||
| CVE-2017-9813 | medium | 6.1 | 7.1 | 9y ago | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc… | |||
| CVE-2017-8839 | medium | 6.1 | 7.1 | 9y ago | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/p… | |||
| CVE-2017-8838 | medium | 6.1 | 7.1 | 9y ago | XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/H… | |||
| CVE-2017-2528 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2510 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2508 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un… | |||
| CVE-2017-2504 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-5631 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | |||
| CVE-2017-7896 | medium | 6.1 | 7.1 | 9y ago | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | |||
| CVE-2017-7725 | medium | 6.1 | 7.1 | 9y ago | Concrete CMS vulnerable to cross-site scripting (XSS) | |||
| CVE-2017-2445 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-6443 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | |||
| CVE-2017-6547 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12… | |||
| CVE-2017-6478 | medium | 6.1 | 7.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). | |||
| CVE-2017-2361 | medium | 6.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. | |||
| CVE-2017-12373 | medium | 5.9 | 6.9 | 9y ago | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive i… | |||
| CVE-2017-17427 | medium | 5.9 | 6.9 | 9y ago | Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed … | |||
| CVE-2017-17382 | medium | 5.9 | 6.9 | 9y ago | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote … | |||
| CVE-2017-13099 | medium | 5.9 | 6.9 | 9y ago | wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL… | |||
| CVE-2017-13098 | medium | 5.9 | 6.9 | 9y ago | Observable Discrepancy in BouncyCastle |