CVEs from 2017
Total
11,606
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6370 | medium | 5.3 | 5.3 | 9y ago | TYPO3 Information Disclosure Vulnerability | |||
| CVE-2017-6955 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immut… | |||
| CVE-2017-0128 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0127 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0126 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0125 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0124 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0123 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0122 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0121 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0120 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0119 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0118 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2017-0117 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0116 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0115 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0114 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0113 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0112 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0111 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0092 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0091 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0085 | medium | 4.3 | 5.3 | 9y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka… | |||
| CVE-2017-0043 | medium | 5.3 | 5.3 | 9y ago | Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive … | |||
| CVE-2017-5537 | medium | 5.3 | 5.3 | 9y ago | The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate use… | |||
| CVE-2017-3842 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information store… | |||
| CVE-2017-6072 | medium | 5.3 | 5.3 | 9y ago | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | |||
| CVE-2017-6071 | medium | 5.3 | 5.3 | 9y ago | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. | |||
| CVE-2017-0423 | medium | 5.3 | 5.3 | 10y ago | An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitat… | |||
| CVE-2017-3822 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the aud… | |||
| CVE-2017-3806 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to injec… | |||
| CVE-2017-5610 | medium | 5.3 | 5.3 | 10y ago | wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypas… | |||
| CVE-2017-3311 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0… | |||
| CVE-2017-3297 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficul… | |||
| CVE-2017-3262 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauth… | |||
| CVE-2017-3805 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without au… | |||
| CVE-2017-3797 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCv… | |||
| CVE-2017-5541 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder… | |||
| CVE-2017-2576 | medium | 5.3 | 5.3 | 10y ago | Moodle Incorrect sanitation of attributes in forums | |||
| CVE-2017-5491 | medium | 5.3 | 5.3 | 10y ago | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | |||
| CVE-2017-10209 | medium | 5.2 | 5.2 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-17556 | medium | 5.1 | 5.1 | 9y ago | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | |||
| CVE-2017-10419 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnera… | |||
| CVE-2017-10054 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily expl… | |||
| CVE-2017-6706 | medium | 5.1 | 5.1 | 9y ago | A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd072… | |||
| CVE-2017-3505 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3504 | medium | 5.1 | 5.1 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-12297 | medium | 5.0 | 5.0 | 9y ago | A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due… | |||
| CVE-2017-1340 | medium | 5.0 | 5.0 | 9y ago | IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. | |||
| CVE-2017-15874 | medium | 5.0 | 5.0 | 9y ago | archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | |||
| CVE-2017-10428 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows… | |||
| CVE-2017-10275 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitabl… | |||
| CVE-2017-10033 | medium | 4.0 | 5.0 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to explo… | |||
| CVE-2017-10617 | medium | 5.0 | 5.0 | 9y ago | The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks… | |||
| CVE-2017-15185 | medium | 5.0 | 5.0 | 9y ago | plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (… | |||
| CVE-2017-9649 | medium | 5.0 | 5.0 | 9y ago | A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1… | |||
| CVE-2017-6774 | medium | 5.0 | 5.0 | 9y ago | A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system fi… | |||
| CVE-2017-10221 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulne… | |||
| CVE-2017-2245 | medium | 5.0 | 5.0 | 9y ago | Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-8475 | medium | 5.0 | 5.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specia… | |||
| CVE-2017-8474 | medium | 5.0 | 5.0 | 9y ago | The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an a… | |||
| CVE-2017-0297 | medium | 5.0 | 5.0 | 9y ago | The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an a… | |||
| CVE-2017-3475 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-6440 | medium | 5.0 | 5.0 | 9y ago | The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | |||
| CVE-2017-6439 | medium | 5.0 | 5.0 | 9y ago | Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist fi… | |||
| CVE-2017-6437 | medium | 5.0 | 5.0 | 9y ago | The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. | |||
| CVE-2017-6436 | medium | 5.0 | 5.0 | 9y ago | The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | |||
| CVE-2017-6435 | medium | 5.0 | 5.0 | 9y ago | The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. | |||
| CVE-2017-17824 | medium | 4.9 | 4.9 | 9y ago | The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the … | |||
| CVE-2017-17823 | medium | 4.9 | 4.9 | 9y ago | The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne… | |||
| CVE-2017-17822 | medium | 4.9 | 4.9 | 9y ago | The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS… | |||
| CVE-2017-4942 | medium | 4.9 | 4.9 | 9y ago | VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administ… | |||
| CVE-2017-15053 | medium | 4.9 | 4.9 | 9y ago | TeamPass Improper Privilege Management | |||
| CVE-2017-15052 | medium | 4.9 | 4.9 | 9y ago | TeamPass Improper Privilege Management | |||
| CVE-2017-16946 | medium | 4.9 | 4.9 | 9y ago | The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | |||
| CVE-2017-16661 | medium | 4.9 | 4.9 | 9y ago | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by file… | |||
| CVE-2017-14023 | medium | 4.9 | 4.9 | 9y ago | An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been i… | |||
| CVE-2017-1000145 | medium | 4.9 | 4.9 | 9y ago | Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disa… | |||
| CVE-2017-7083 | medium | 4.9 | 4.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwo… | |||
| CVE-2017-10320 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high p… | |||
| CVE-2017-10314 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable v… | |||
| CVE-2017-10313 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows… | |||
| CVE-2017-10311 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-10296 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-10294 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable v… | |||
| CVE-2017-10284 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability all… | |||
| CVE-2017-10279 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable v… | |||
| CVE-2017-10227 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable v… | |||
| CVE-2017-10165 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows h… | |||
| CVE-2017-9538 | medium | 4.9 | 4.9 | 9y ago | The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit… | |||
| CVE-2017-14601 | medium | 4.9 | 4.9 | 9y ago | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | |||
| CVE-2017-14600 | medium | 4.9 | 4.9 | 9y ago | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | |||
| CVE-2017-2254 | medium | 4.9 | 4.9 | 9y ago | Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | |||
| CVE-2017-10841 | medium | 4.9 | 4.9 | 9y ago | Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-12077 | medium | 4.9 | 4.9 | 9y ago | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resourc… | |||
| CVE-2017-12076 | medium | 4.9 | 4.9 | 9y ago | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources… | |||
| CVE-2017-6777 | medium | 4.9 | 4.9 | 9y ago | A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to i… | |||
| CVE-2017-7737 | medium | 4.9 | 4.9 | 9y ago | An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||
| CVE-2017-3646 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privile… | |||
| CVE-2017-3645 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows hig… |