CVEs from 2017
- Total: 11,606
- Critical: 1,650
- High: 5,044
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5065 | medium | 4.7 | 4.7 | 9y ago | multiple issues in chromium | |||
| CVE-2017-12618 | medium | 4.7 | 4.7 | 9y ago | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A loc… | |||
| CVE-2017-10382 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easil… | |||
| CVE-2017-10380 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to… | |||
| CVE-2017-10318 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable … | |||
| CVE-2017-11817 | medium | 4.7 | 4.7 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-13721 | medium | 4.7 | 4.7 | 9y ago | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared mem… | |||
| CVE-2017-9676 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a… | |||
| CVE-2017-8281 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | |||
| CVE-2017-8719 | medium | 4.7 | 4.7 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-8709 | medium | 4.7 | 4.7 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-1434 | medium | 4.7 | 4.7 | 9y ago | IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. | |||
| CVE-2017-14159 | medium | 4.7 | 4.7 | 9y ago | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-roo… | |||
| CVE-2017-9682 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||
| CVE-2017-8627 | medium | 4.7 | 4.7 | 9y ago | Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | |||
| CVE-2017-10252 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Diffic… | |||
| CVE-2017-10251 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exp… | |||
| CVE-2017-10250 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vul… | |||
| CVE-2017-10020 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Diffic… | |||
| CVE-2017-10015 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer). Supported versions that are affected are 8.54 and 8.55. Difficult … | |||
| CVE-2017-8486 | medium | 4.7 | 4.7 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an informati… | |||
| CVE-2017-1284 | medium | 4.7 | 4.7 | 9y ago | IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM… | |||
| CVE-2017-8554 | medium | 4.7 | 4.7 | 9y ago | The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a… | |||
| CVE-2017-8553 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows … | |||
| CVE-2017-0651 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it f… | |||
| CVE-2017-0650 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low beca… | |||
| CVE-2017-4899 | medium | 4.7 | 4.7 | 9y ago | VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. … | |||
| CVE-2017-2500 | medium | 4.7 | 4.7 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |||
| CVE-2017-9079 | medium | 4.7 | 4.7 | 9y ago | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is re… | |||
| CVE-2017-9071 | medium | 4.7 | 4.7 | 9y ago | MODX Revolution XSS via HTTP Host header | |||
| CVE-2017-0634 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate… | |||
| CVE-2017-0633 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2017-0632 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0631 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0630 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0629 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0628 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0627 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it… | |||
| CVE-2017-0603 | medium | 4.7 | 4.7 | 9y ago | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because i… | |||
| CVE-2017-0354 | medium | 4.7 | 4.7 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made unde… | |||
| CVE-2017-8372 | medium | 4.7 | 4.7 | 9y ago | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafte… | |||
| CVE-2017-3535 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-3495 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily "… | |||
| CVE-2017-3494 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Retail Teller). Supported versions that are affected are 11.3.0, 11.4.0, 12.0… | |||
| CVE-2017-3480 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and … | |||
| CVE-2017-3471 | medium | 4.7 | 4.7 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Eas… | |||
| CVE-2017-5969 | medium | 4.7 | 4.7 | 9y ago | libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of… | |||
| CVE-2017-0586 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0585 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0584 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0330 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because… | |||
| CVE-2017-0328 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because… | |||
| CVE-2017-6184 | medium | 4.7 | 4.7 | 9y ago | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | |||
| CVE-2017-0027 | medium | 4.7 | 4.7 | 9y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive inf… | |||
| CVE-2017-6061 | medium | 4.7 | 4.7 | 9y ago | Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ… | |||
| CVE-2017-6883 | medium | 4.7 | 4.7 | 9y ago | The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read a… | |||
| CVE-2017-0537 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate bec… | |||
| CVE-2017-0536 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate… | |||
| CVE-2017-0535 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2017-0534 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0533 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0532 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0531 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0497 | medium | 4.7 | 4.7 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an unco… | |||
| CVE-2017-0461 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0459 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-0452 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it… | |||
| CVE-2017-0451 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2017-3313 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Dif… | |||
| CVE-2017-3283 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3282 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3281 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3280 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12… | |||
| CVE-2017-3245 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily e… | |||
| CVE-2017-3236 | medium | 4.7 | 4.7 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2017-3803 | medium | 4.7 | 4.7 | 10y ago | A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue … | |||
| CVE-2017-8173 | medium | 4.6 | 4.6 | 9y ago | Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 v… | |||
| CVE-2017-8171 | medium | 4.6 | 4.6 | 9y ago | Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory… | |||
| CVE-2017-8161 | medium | 4.6 | 4.6 | 9y ago | EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 … | |||
| CVE-2017-8152 | medium | 4.6 | 4.6 | 9y ago | Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access f… | |||
| CVE-2017-2721 | medium | 4.6 | 4.6 | 9y ago | Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150C… | |||
| CVE-2017-2710 | medium | 4.6 | 4.6 | 9y ago | BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, e… | |||
| CVE-2017-2708 | medium | 4.6 | 4.6 | 9y ago | The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory rese… | |||
| CVE-2017-10890 | medium | 4.6 | 4.6 | 9y ago | Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versio… | |||
| CVE-2017-13786 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryptio… | |||
| CVE-2017-10375 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vu… | |||
| CVE-2017-10306 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows… | |||
| CVE-2017-10197 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Folios). The supported version that is affected is 5.4.2.x through 5.5.1.… | |||
| CVE-2017-5695 | medium | 4.6 | 4.6 | 9y ago | Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF… | |||
| CVE-2017-5694 | medium | 4.6 | 4.6 | 9y ago | Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2017-10187 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows h… | |||
| CVE-2017-10168 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Windows). The supported version that is affected is 1.1. Difficult to exploit vulnera… | |||
| CVE-2017-10010 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: FileUploads). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and … | |||
| CVE-2017-9495 | medium | 4.6 | 4.6 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4… | |||
| CVE-2017-8769 | medium | 4.6 | 4.6 | 9y ago | Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat… | |||
| CVE-2017-8924 | medium | 4.6 | 4.6 | 9y ago | The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uniniti… | |||
| CVE-2017-8900 | medium | 4.6 | 4.6 | 9y ago | LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users… | |||
| CVE-2017-5625 | medium | 4.6 | 4.6 | 9y ago | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by … | |||
| CVE-2017-3536 | medium | 4.6 | 4.6 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" v… | |||
| CVE-2017-7305 | medium | 4.6 | 4.6 | 9y ago | Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: … |