CVEs from 2017
Total
11,607
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10329 | critical | 9.1 | 9.1 | 9y ago | Vulnerability in the Oracle Global Order Promising component of Oracle E-Business Suite (subcomponent: Reschedule Sales Orders). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.… | |||
| CVE-2017-8805 | critical | 9.1 | 9.1 | 9y ago | Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | |||
| CVE-2017-7544 | critical | 9.1 | 9.1 | 9y ago | libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data … | |||
| CVE-2017-14608 | critical | 9.1 | 9.1 | 9y ago | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to … | |||
| CVE-2017-12883 | critical | 9.1 | 9.1 | 9y ago | Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of se… | |||
| CVE-2017-0898 | critical | 9.1 | 9.1 | 9y ago | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting … | |||
| CVE-2017-12249 | critical | 9.1 | 9.1 | 9y ago | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to… | |||
| CVE-2017-14230 | critical | 9.1 | 9.1 | 9y ago | In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow re… | |||
| CVE-2017-14122 | critical | 9.1 | 9.1 | 9y ago | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | |||
| CVE-2017-10833 | critical | 9.1 | 9.1 | 9y ago | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | |||
| CVE-2017-1383 | critical | 9.1 | 9.1 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to exp… | |||
| CVE-2017-11694 | critical | 9.1 | 9.1 | 9y ago | MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate direct… | |||
| CVE-2017-11693 | critical | 9.1 | 9.1 | 9y ago | MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate … | |||
| CVE-2017-2277 | critical | 9.1 | 9.1 | 9y ago | WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. | |||
| CVE-2017-9788 | critical | 9.1 | 9.1 | 9y ago | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi… | |||
| CVE-2017-11147 | critical | 9.1 | 9.1 | 9y ago | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due … | |||
| CVE-2017-6711 | critical | 9.1 | 9.1 | 9y ago | A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulne… | |||
| CVE-2017-10917 | critical | 9.1 | 9.1 | 9y ago | Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly o… | |||
| CVE-2017-2782 | critical | 9.1 | 9.1 | 9y ago | An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, l… | |||
| CVE-2017-9097 | critical | 9.1 | 9.1 | 9y ago | In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, a… | |||
| CVE-2017-7337 | critical | 9.1 | 9.1 | 9y ago | An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen ses… | |||
| CVE-2017-9053 | critical | 9.1 | 9.1 | 9y ago | An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in … | |||
| CVE-2017-8872 | critical | 9.1 | 9.1 | 9y ago | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | |||
| CVE-2017-8827 | critical | 9.1 | 9.1 | 9y ago | GeniXCMS Arbitrary User Password Reset Vulnerability | |||
| CVE-2017-7229 | critical | 9.1 | 9.1 | 9y ago | PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-… | |||
| CVE-2017-6520 | critical | 9.1 | 9.1 | 9y ago | The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a de… | |||
| CVE-2017-6519 | critical | 9.1 | 9.1 | 9y ago | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (tra… | |||
| CVE-2017-3508 | critical | 9.1 | 9.1 | 9y ago | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2,… | |||
| CVE-2017-5648 | critical | 9.1 | 9.1 | 9y ago | While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th… | |||
| CVE-2017-7357 | critical | 9.1 | 9.1 | 9y ago | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | |||
| CVE-2017-2989 | critical | 9.1 | 9.1 | 9y ago | Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||
| CVE-2017-7226 | critical | 9.1 | 9.1 | 9y ago | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses… | |||
| CVE-2017-6969 | critical | 9.1 | 9.1 | 9y ago | readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak a… | |||
| CVE-2017-2968 | critical | 9.1 | 9.1 | 9y ago | Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | |||
| CVE-2017-5152 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICA… | |||
| CVE-2017-5142 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the pa… | |||
| CVE-2017-5539 | critical | 9.1 | 9.1 | 10y ago | The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit t… | |||
| CVE-2017-5545 | critical | 9.1 | 9.1 | 10y ago | The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via App… | |||
| CVE-2017-5209 | critical | 9.1 | 9.1 | 10y ago | The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) vi… | |||
| CVE-2017-14591 | critical | 9.0 | 9.0 | 9y ago | Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary cod… | |||
| CVE-2017-10102 | critical | 9.0 | 9.0 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Diff… | |||
| CVE-2017-4919 | critical | 9.0 | 9.0 | 9y ago | VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | |||
| CVE-2017-5691 | critical | 9.0 | 9.0 | 9y ago | Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows… | |||
| CVE-2017-10915 | critical | 9.0 | 9.0 | 9y ago | The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. | |||
| CVE-2017-2292 | critical | 9.0 | 9.0 | 9y ago | Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.sa… | |||
| CVE-2017-5206 | critical | 9.0 | 9.0 | 9y ago | Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. | |||
| CVE-2017-0021 | critical | 9.0 | 9.0 | 9y ago | Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Str… | |||
| CVE-2017-2787 | critical | 9.0 | 9.0 | 9y ago | A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buf… | |||
| CVE-2017-2684 | critical | 9.0 | 9.0 | 9y ago | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level au… | |||
| CVE-2017-3310 | critical | 9.0 | 9.0 | 10y ago | Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having C… | |||
| CVE-2017-5607 | low | 3.5 | 4.5 | 9y ago | Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a… | |||
| CVE-2017-5686 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. | |||
| CVE-2017-5685 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. | |||
| CVE-2017-5684 | low | 3.9 | 3.9 | 9y ago | The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | |||
| CVE-2017-9369 | low | 3.8 | 3.8 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to g… | |||
| CVE-2017-3892 | low | 3.8 | 3.8 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating t… | |||
| CVE-2017-10365 | low | 3.8 | 3.8 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high p… | |||
| CVE-2017-4896 | low | 3.8 | 3.8 | 9y ago | Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthoriz… | |||
| CVE-2017-7995 | low | 3.8 | 3.8 | 9y ago | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in th… | |||
| CVE-2017-20200 | low | 3.7 | 3.7 | 9mo ago | A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launch… | |||
| CVE-2017-15321 | low | 3.7 | 3.7 | 9y ago | Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets tran… | |||
| CVE-2017-1497 | low | 3.7 | 3.7 | 9y ago | IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | |||
| CVE-2017-1355 | low | 3.7 | 3.7 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, … | |||
| CVE-2017-1341 | low | 3.7 | 3.7 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. | |||
| CVE-2017-17433 | low | 3.7 | 3.7 | 9y ago | The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_f… | |||
| CVE-2017-8822 | low | 3.7 | 3.7 | 9y ago | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick th… | |||
| CVE-2017-15528 | low | 3.7 | 3.7 | 9y ago | Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pu… | |||
| CVE-2017-1228 | low | 3.7 | 3.7 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An a… | |||
| CVE-2017-7084 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in o… | |||
| CVE-2017-10341 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to… | |||
| CVE-2017-10166 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult… | |||
| CVE-2017-14595 | low | 3.7 | 3.7 | 9y ago | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | |||
| CVE-2017-10856 | low | 3.7 | 3.7 | 9y ago | SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially … | |||
| CVE-2017-1520 | low | 3.7 | 3.7 | 9y ago | IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |||
| CVE-2017-3650 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticat… | |||
| CVE-2017-2137 | low | 3.7 | 3.7 | 9y ago | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | |||
| CVE-2017-3544 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed… | |||
| CVE-2017-3533 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed… | |||
| CVE-2017-3469 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulne… | |||
| CVE-2017-3467 | low | 3.7 | 3.7 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unaut… | |||
| CVE-2017-0159 | low | 3.7 | 3.7 | 9y ago | A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, ak… | |||
| CVE-2017-5930 | low | 2.7 | 3.7 | 9y ago | The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch… | |||
| CVE-2017-5865 | low | 3.7 | 3.7 | 9y ago | The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is v… | |||
| CVE-2017-5928 | low | 3.7 | 3.7 | 9y ago | The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the http… | |||
| CVE-2017-3323 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. … | |||
| CVE-2017-3322 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and .… | |||
| CVE-2017-3321 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Di… | |||
| CVE-2017-3259 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allow… | |||
| CVE-2017-1353 | low | 3.5 | 3.5 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 12668… | |||
| CVE-2017-2730 | low | 3.5 | 3.5 | 9y ago | HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these AP… | |||
| CVE-2017-10308 | low | 3.5 | 3.5 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnera… | |||
| CVE-2017-10014 | low | 3.5 | 3.5 | 9y ago | Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vul… | |||
| CVE-2017-5244 | low | 3.5 | 3.5 | 9y ago | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of t… | |||
| CVE-2017-2161 | low | 3.5 | 3.5 | 9y ago | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access re… | |||
| CVE-2017-9139 | low | 3.5 | 3.5 | 9y ago | There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (… | |||
| CVE-2017-0895 | low | 3.5 | 3.5 | 9y ago | Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been… | |||
| CVE-2017-0892 | low | 3.5 | 3.5 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | |||
| CVE-2017-3235 | low | 3.5 | 3.5 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2017-10088 | low | 3.4 | 3.4 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-9856 | low | 3.4 | 3.4 | 9y ago | An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption alg… |