CVEs from 2017
- Total: 11,606
- Critical: 1,650
- High: 5,044
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10108 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em… | |||
| CVE-2017-10093 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10069 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability al… | |||
| CVE-2017-10062 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability all… | |||
| CVE-2017-10053 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u1… | |||
| CVE-2017-10045 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Difficult to… | |||
| CVE-2017-9494 | medium | 5.3 | 5.3 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | |||
| CVE-2017-9491 | medium | 5.3 | 5.3 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmw… | |||
| CVE-2017-7006 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-9339 | medium | 5.3 | 5.3 | 9y ago | A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowin… | |||
| CVE-2017-7685 | medium | 5.3 | 5.3 | 9y ago | Apache OpenMeetings responds to insecure HTTP methods | |||
| CVE-2017-10604 | medium | 5.3 | 5.3 | 9y ago | When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the r… | |||
| CVE-2017-6730 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected syst… | |||
| CVE-2017-6727 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition … | |||
| CVE-2017-2239 | medium | 5.3 | 5.3 | 9y ago | Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. | |||
| CVE-2017-6721 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to rest… | |||
| CVE-2017-6040 | medium | 5.3 | 5.3 | 9y ago | An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously. | |||
| CVE-2017-6032 | medium | 5.3 | 5.3 | 9y ago | A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-f… | |||
| CVE-2017-1328 | medium | 5.3 | 5.3 | 9y ago | IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker… | |||
| CVE-2017-1117 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. | |||
| CVE-2017-3215 | medium | 5.3 | 5.3 | 9y ago | The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions. | |||
| CVE-2017-0219 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker… | |||
| CVE-2017-0218 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker… | |||
| CVE-2017-0216 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malici… | |||
| CVE-2017-0215 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Wi… | |||
| CVE-2017-0173 | medium | 5.3 | 5.3 | 9y ago | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Wi… | |||
| CVE-2017-4986 | medium | 5.3 | 5.3 | 9y ago | EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-9502 | medium | 5.3 | 5.3 | 9y ago | In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL witho… | |||
| CVE-2017-9434 | medium | 5.3 | 5.3 | 9y ago | Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | |||
| CVE-2017-6039 | medium | 5.3 | 5.3 | 9y ago | A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. | |||
| CVE-2017-2311 | medium | 5.3 | 5.3 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. | |||
| CVE-2017-2310 | medium | 5.3 | 5.3 | 9y ago | A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. | |||
| CVE-2017-1292 | medium | 5.3 | 5.3 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | |||
| CVE-2017-6647 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected syste… | |||
| CVE-2017-6646 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vu… | |||
| CVE-2017-6645 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an a… | |||
| CVE-2017-6644 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerab… | |||
| CVE-2017-6643 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected sy… | |||
| CVE-2017-6642 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerab… | |||
| CVE-2017-6630 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. … | |||
| CVE-2017-4017 | medium | 5.3 | 5.3 | 9y ago | User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | |||
| CVE-2017-4016 | medium | 5.3 | 5.3 | 9y ago | Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | |||
| CVE-2017-4013 | medium | 5.3 | 5.3 | 9y ago | Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | |||
| CVE-2017-7490 | medium | 5.3 | 5.3 | 9y ago | Moodle Unauthorized searching of arbitrary blogs by typing full url | |||
| CVE-2017-0256 | medium | 5.3 | 5.3 | 9y ago | Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc | |||
| CVE-2017-0241 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and a… | |||
| CVE-2017-0302 | medium | 5.3 | 5.3 | 9y ago | In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the req… | |||
| CVE-2017-6629 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected devi… | |||
| CVE-2017-6626 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve informatio… | |||
| CVE-2017-6624 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a conf… | |||
| CVE-2017-8459 | medium | 5.3 | 5.3 | 9y ago | Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have le… | |||
| CVE-2017-7428 | medium | 5.3 | 5.3 | 9y ago | NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | |||
| CVE-2017-8388 | medium | 5.3 | 5.3 | 9y ago | GeniXCMS Mailbox validation logic vulnerability | |||
| CVE-2017-8385 | medium | 5.3 | 5.3 | 9y ago | Craft CMS subject to URL forgery | |||
| CVE-2017-8383 | medium | 5.3 | 5.3 | 9y ago | Craft CMS Unauthorized View | |||
| CVE-2017-2150 | medium | 5.3 | 5.3 | 9y ago | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | |||
| CVE-2017-2143 | medium | 5.3 | 5.3 | 9y ago | CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a c… | |||
| CVE-2017-2139 | medium | 5.3 | 5.3 | 9y ago | CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction… | |||
| CVE-2017-8301 | medium | 5.3 | 5.3 | 9y ago | LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callbac… | |||
| CVE-2017-1170 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230. | |||
| CVE-2017-8217 | medium | 5.3 | 5.3 | 9y ago | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | |||
| CVE-2017-8115 | medium | 5.3 | 5.3 | 9y ago | Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | |||
| CVE-2017-8057 | medium | 5.3 | 5.3 | 9y ago | In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. | |||
| CVE-2017-7988 | medium | 5.3 | 5.3 | 9y ago | In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. | |||
| CVE-2017-7983 | medium | 5.3 | 5.3 | 9y ago | In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | |||
| CVE-2017-3585 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface subsystem). The supported version that is affected is AK 2013. Eas… | |||
| CVE-2017-3567 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having… | |||
| CVE-2017-3556 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 an… | |||
| CVE-2017-3527 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable"… | |||
| CVE-2017-3502 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily "exploitable" vul… | |||
| CVE-2017-3470 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily "exploitab… | |||
| CVE-2017-3305 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vul… | |||
| CVE-2017-8104 | medium | 5.3 | 5.3 | 9y ago | In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | |||
| CVE-2017-1000360 | medium | 5.3 | 5.3 | 9y ago | OpenDaylight NULL Pointer Dereference | |||
| CVE-2017-1000359 | medium | 5.3 | 5.3 | 9y ago | Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. | |||
| CVE-2017-2340 | medium | 5.3 | 5.3 | 9y ago | On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in… | |||
| CVE-2017-2324 | medium | 5.3 | 5.3 | 9y ago | A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service … | |||
| CVE-2017-8078 | medium | 5.3 | 5.3 | 9y ago | On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8056 | medium | 5.3 | 5.3 | 9y ago | WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends… | |||
| CVE-2017-8055 | medium | 5.3 | 5.3 | 9y ago | WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier retu… | |||
| CVE-2017-5160 | medium | 5.3 | 5.3 | 9y ago | An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security witho… | |||
| CVE-2017-5653 | medium | 5.3 | 5.3 | 9y ago | Improper Certificate Validation in Apache CXF | |||
| CVE-2017-7627 | medium | 5.3 | 5.3 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check). | |||
| CVE-2017-7345 | medium | 5.3 | 5.3 | 9y ago | NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service t… | |||
| CVE-2017-6599 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to… | |||
| CVE-2017-1180 | medium | 5.3 | 5.3 | 9y ago | The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084. | |||
| CVE-2017-2414 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic c… | |||
| CVE-2017-2400 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leverag… | |||
| CVE-2017-2391 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are af… | |||
| CVE-2017-5184 | medium | 5.3 | 5.3 | 9y ago | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | |||
| CVE-2017-1143 | medium | 5.3 | 5.3 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could… | |||
| CVE-2017-5238 | medium | 5.3 | 5.3 | 9y ago | Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. | |||
| CVE-2017-2643 | medium | 5.3 | 5.3 | 9y ago | Moodle Global search displays user names for unauthenticated users | |||
| CVE-2017-7264 | medium | 5.3 | 5.3 | 9y ago | Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unsp… | |||
| CVE-2017-6356 | medium | 5.3 | 5.3 | 9y ago | Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via … | |||
| CVE-2017-3879 | medium | 5.3 | 5.3 | 9y ago | A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a pro… | |||
| CVE-2017-3878 | medium | 5.3 | 5.3 | 9y ago | A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause… | |||
| CVE-2017-3875 | medium | 5.3 | 5.3 | 9y ago | An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypas… | |||
| CVE-2017-3867 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote… | |||
| CVE-2017-3815 | medium | 5.3 | 5.3 | 9y ago | An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerabil… |