CVEs from 2017
Total
11,610
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6086 | high | 8.8 | 9.8 | 9y ago | ViMbAdmin CSRF Vulnerabilities | |||
| CVE-2017-2491 | high | 8.8 | 9.8 | 9y ago | Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. | |||
| CVE-2017-9757 | high | 8.8 | 9.8 | 9y ago | IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. | |||
| CVE-2017-0283 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 S… | |||
| CVE-2017-9603 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | |||
| CVE-2017-9429 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | |||
| CVE-2017-9418 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||
| CVE-2017-9462 | high | 8.8 | 9.8 | 9y ago | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||
| CVE-2017-8836 | high | 8.8 | 9.8 | 9y ago | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative inte… | |||
| CVE-2017-9380 | high | 8.8 | 9.8 | 9y ago | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||
| CVE-2017-6984 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The is… | |||
| CVE-2017-6980 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2547 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-2536 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2531 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2521 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2515 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2514 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-9080 | high | 8.8 | 9.8 | 9y ago | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||
| CVE-2017-6048 | high | 8.8 | 9.8 | 9y ago | A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an… | |||
| CVE-2017-7952 | high | 8.8 | 9.8 | 9y ago | INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | |||
| CVE-2017-8928 | high | 8.8 | 9.8 | 9y ago | mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | |||
| CVE-2017-3068 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-7981 | high | 8.8 | 9.8 | 9y ago | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before … | |||
| CVE-2017-1274 | high | 8.8 | 9.8 | 9y ago | IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… | |||
| CVE-2017-7221 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by levera… | |||
| CVE-2017-3576 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3563 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3561 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-7852 | high | 8.8 | 9.8 | 9y ago | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the … | |||
| CVE-2017-7692 | high | 8.8 | 9.8 | 9y ago | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit … | |||
| CVE-2017-7615 | high | 8.8 | 9.8 | 9y ago | MantisBT allows arbitrary password reset | |||
| CVE-2017-3006 | high | 8.8 | 9.8 | 9y ago | Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||
| CVE-2017-7447 | high | 8.8 | 9.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | |||
| CVE-2017-7446 | high | 8.8 | 9.8 | 9y ago | HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | |||
| CVE-2017-7398 | high | 8.8 | 9.8 | 9y ago | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i… | |||
| CVE-2017-2476 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2471 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-… | |||
| CVE-2017-2470 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2469 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2468 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2466 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2464 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2460 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2459 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2457 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr… | |||
| CVE-2017-2455 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2454 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2446 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-5671 | high | 8.8 | 9.8 | 9y ago | Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic… | |||
| CVE-2017-6087 | high | 8.8 | 9.8 | 9y ago | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3… | |||
| CVE-2017-5869 | high | 8.8 | 9.8 | 9y ago | Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in … | |||
| CVE-2017-6971 | high | 8.8 | 9.8 | 9y ago | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving t… | |||
| CVE-2017-6803 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication… | |||
| CVE-2017-7178 | high | 8.8 | 9.8 | 9y ago | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus… | |||
| CVE-2017-0090 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0089 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0088 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote… | |||
| CVE-2017-0087 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0086 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0084 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0083 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-0072 | high | 8.8 | 9.8 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex… | |||
| CVE-2017-6366 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that pe… | |||
| CVE-2017-6896 | high | 8.8 | 9.8 | 9y ago | Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session… | |||
| CVE-2017-6398 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … | |||
| CVE-2017-6823 | high | 8.8 | 9.8 | 9y ago | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | |||
| CVE-2017-6529 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. | |||
| CVE-2017-6549 | high | 8.8 | 9.8 | 9y ago | Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B… | |||
| CVE-2017-6411 | high | 8.8 | 9.8 | 9y ago | Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||
| CVE-2017-2373 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2369 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2362 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2992 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2988 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code executi… | |||
| CVE-2017-2986 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2985 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-5180 | high | 8.8 | 9.8 | 9y ago | Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users … | |||
| CVE-2017-3807 | high | 8.8 | 9.8 | 9y ago | A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause… | |||
| CVE-2017-3823 | high | 8.8 | 9.8 | 10y ago | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug… | |||
| CVE-2017-5473 | high | 8.8 | 9.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user… | |||
| CVE-2017-2935 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitra… | |||
| CVE-2017-2934 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-2933 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2932 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2931 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2930 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead … | |||
| CVE-2017-15644 | high | 8.6 | 9.6 | 9y ago | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||
| CVE-2017-3558 | high | 8.5 | 9.5 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" v… | |||
| CVE-2017-3587 | high | 8.4 | 9.4 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "explo… | |||
| CVE-2017-6970 | high | 8.4 | 9.4 | 9y ago | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | |||
| CVE-2017-3316 | high | 8.4 | 9.4 | 10y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo… | |||
| CVE-2017-11322 | high | 8.2 | 9.2 | 9y ago | The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | |||
| CVE-2017-10246 | high | 8.2 | 9.2 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. … | |||
| CVE-2017-7228 | high | 8.2 | 9.2 | 9y ago | An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al… | |||
| CVE-2017-16929 | high | 8.1 | 9.1 | 9y ago | The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re… | |||
| CVE-2017-13872 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain a… | |||
| CVE-2017-15806 | high | 8.1 | 9.1 | 9y ago | Zeta Components Mail Arbitrary code execution via a crafted email address | |||
| CVE-2017-7115 | high | 8.1 | 9.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrar… | |||
| CVE-2017-14084 | high | 8.1 | 9.1 | 9y ago | A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. |