CVEs from 2017
- Total: 11,606
- critical: 1,650
- high: 5,044
- medium: 4,169
- low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3644 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3643 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3642 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-3641 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily… | |||
| CVE-2017-3640 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3639 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3638 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-12419 | medium | 4.9 | 4.9 | 9y ago | If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" sect… | |||
| CVE-2017-1495 | medium | 4.9 | 4.9 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID… | |||
| CVE-2017-1370 | medium | 4.9 | 4.9 | 9y ago | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X… | |||
| CVE-2017-11183 | medium | 4.9 | 4.9 | 9y ago | front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | |||
| CVE-2017-11440 | medium | 4.9 | 4.9 | 9y ago | In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | |||
| CVE-2017-11405 | medium | 4.9 | 4.9 | 9y ago | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/modu… | |||
| CVE-2017-11404 | medium | 4.9 | 4.9 | 9y ago | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | |||
| CVE-2017-8003 | medium | 4.9 | 4.9 | 9y ago | EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized informa… | |||
| CVE-2017-6690 | medium | 4.9 | 4.9 | 9y ago | A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite o… | |||
| CVE-2017-6668 | medium | 4.9 | 4.9 | 9y ago | Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbi… | |||
| CVE-2017-5966 | medium | 4.9 | 4.9 | 9y ago | Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | |||
| CVE-2017-6867 | medium | 4.9 | 4.9 | 9y ago | A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Pr… | |||
| CVE-2017-2117 | medium | 4.9 | 4.9 | 9y ago | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | |||
| CVE-2017-3463 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an… | |||
| CVE-2017-3462 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an… | |||
| CVE-2017-3461 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an… | |||
| CVE-2017-3460 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allo… | |||
| CVE-2017-3459 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows h… | |||
| CVE-2017-3458 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high pr… | |||
| CVE-2017-3457 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high pr… | |||
| CVE-2017-3456 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily… | |||
| CVE-2017-3886 | medium | 4.9 | 4.9 | 9y ago | A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries,… | |||
| CVE-2017-6816 | medium | 4.9 | 4.9 | 9y ago | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | |||
| CVE-2017-5573 | medium | 4.9 | 4.9 | 10y ago | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. | |||
| CVE-2017-3277 | medium | 4.9 | 4.9 | 10y ago | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. E… | |||
| CVE-2017-3251 | medium | 4.9 | 4.9 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-7400 | medium | 4.8 | 4.8 | 4y ago | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | |||
| CVE-2017-17089 | medium | 4.8 | 4.8 | 9y ago | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||
| CVE-2017-17988 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | |||
| CVE-2017-17986 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | |||
| CVE-2017-17985 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | |||
| CVE-2017-17984 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | |||
| CVE-2017-17940 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | |||
| CVE-2017-17938 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | |||
| CVE-2017-16768 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | |||
| CVE-2017-17929 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | |||
| CVE-2017-17925 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||
| CVE-2017-17909 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | |||
| CVE-2017-17828 | medium | 4.8 | 4.8 | 9y ago | Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. | |||
| CVE-2017-17825 | medium | 4.8 | 4.8 | 9y ago | The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit … | |||
| CVE-2017-17778 | medium | 4.8 | 4.8 | 9y ago | Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. | |||
| CVE-2017-15890 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | |||
| CVE-2017-16789 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authent… | |||
| CVE-2017-14018 | medium | 4.8 | 4.8 | 9y ago | An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used b… | |||
| CVE-2017-13700 | medium | 4.8 | 4.8 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | |||
| CVE-2017-1000213 | medium | 4.8 | 4.8 | 9y ago | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | |||
| CVE-2017-16842 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script o… | |||
| CVE-2017-16758 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web … | |||
| CVE-2017-16569 | medium | 4.8 | 4.8 | 9y ago | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||
| CVE-2017-15039 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||
| CVE-2017-1000144 | medium | 4.8 | 4.8 | 9y ago | Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, w… | |||
| CVE-2017-1000132 | medium | 4.8 | 4.8 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to do… | |||
| CVE-2017-15948 | medium | 4.8 | 4.8 | 9y ago | Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admi… | |||
| CVE-2017-15911 | medium | 4.8 | 4.8 | 9y ago | Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console | |||
| CVE-2017-15881 | medium | 4.8 | 4.8 | 9y ago | Cross-Site Scripting in keystone | |||
| CVE-2017-15872 | medium | 4.8 | 4.8 | 9y ago | phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | |||
| CVE-2017-15728 | medium | 4.8 | 4.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | |||
| CVE-2017-10386 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily explo… | |||
| CVE-2017-10161 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services Security). Supported versions that are affected are 6.1.3.0 and 6.2… | |||
| CVE-2017-15188 | medium | 4.8 | 4.8 | 9y ago | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array par… | |||
| CVE-2017-15008 | medium | 4.8 | 4.8 | 9y ago | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | |||
| CVE-2017-9537 | medium | 4.8 | 4.8 | 9y ago | Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various v… | |||
| CVE-2017-14983 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object paramet… | |||
| CVE-2017-14651 | medium | 4.8 | 4.8 | 9y ago | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | |||
| CVE-2017-14597 | medium | 4.8 | 4.8 | 9y ago | AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | |||
| CVE-2017-12844 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user n… | |||
| CVE-2017-10149 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.… | |||
| CVE-2017-10063 | medium | 4.8 | 4.8 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Dif… | |||
| CVE-2017-12572 | medium | 4.8 | 4.8 | 9y ago | Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrat… | |||
| CVE-2017-3742 | medium | 4.8 | 4.8 | 9y ago | In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for th… | |||
| CVE-2017-8000 | medium | 4.8 | 4.8 | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database… | |||
| CVE-2017-2146 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. | |||
| CVE-2017-9836 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating… | |||
| CVE-2017-9452 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2017-9366 | medium | 4.8 | 4.8 | 9y ago | Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2017-3128 | medium | 4.8 | 4.8 | 9y ago | A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | |||
| CVE-2017-8780 | medium | 4.8 | 4.8 | 9y ago | GeniXCMS Cross-site Scripting | |||
| CVE-2017-2387 | medium | 4.8 | 4.8 | 9y ago | The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt… | |||
| CVE-2017-7309 | medium | 4.8 | 4.8 | 9y ago | MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php | |||
| CVE-2017-7241 | medium | 4.8 | 4.8 | 9y ago | MantisBT XSS via move_attachments_page.php | |||
| CVE-2017-6973 | medium | 4.8 | 4.8 | 9y ago | MantisBT XSS via adm_config_report.php's action parameter | |||
| CVE-2017-16355 | medium | 4.7 | 4.7 | 4y ago | In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the co… | |||
| CVE-2017-16678 | medium | 4.7 | 4.7 | 9y ago | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attack… | |||
| CVE-2017-17449 | medium | 4.7 | 4.7 | 9y ago | The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net… | |||
| CVE-2017-17383 | medium | 4.7 | 4.7 | 9y ago | Cross-site Scripting in Jenkins Core | |||
| CVE-2017-12345 | medium | 4.7 | 4.7 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-8148 | medium | 4.7 | 4.7 | 9y ago | Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the … | |||
| CVE-2017-11880 | medium | 4.7 | 4.7 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attac… | |||
| CVE-2017-11852 | medium | 4.7 | 4.7 | 9y ago | Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's sys… | |||
| CVE-2017-11851 | medium | 4.7 | 4.7 | 9y ago | The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016… | |||
| CVE-2017-11849 | medium | 4.7 | 4.7 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, … | |||
| CVE-2017-11842 | medium | 4.7 | 4.7 | 9y ago | Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a… | |||
| CVE-2017-11832 | medium | 4.7 | 4.7 | 9y ago | The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not i… |