CVEs from 2017
Total
11,611
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7494 | high | — | 10.0 | 3y ago | Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it. | |||
| CVE-2017-8291 | high | — | 10.0 | 4y ago | Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. | |||
| CVE-2017-16651 | high | — | 10.0 | 5y ago | Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. | |||
| CVE-2017-17095 | high | 8.8 | 9.8 | 3y ago | RHSA-2025:4658: libtiff security update (Moderate) | |||
| CVE-2017-17874 | high | 8.8 | 9.8 | 9y ago | Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | |||
| CVE-2017-5261 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to … | |||
| CVE-2017-5260 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco… | |||
| CVE-2017-5259 | high | 8.8 | 9.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sysc… | |||
| CVE-2017-5255 | high | 8.8 | 9.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-… | |||
| CVE-2017-5254 | high | 8.8 | 9.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di… | |||
| CVE-2017-15049 | high | 8.8 | 9.8 | 9y ago | The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary… | |||
| CVE-2017-15048 | high | 8.8 | 9.8 | 9y ago | Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handle… | |||
| CVE-2017-17405 | high | 8.8 | 9.8 | 9y ago | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument star… | |||
| CVE-2017-5264 | high | 8.8 | 9.8 | 9y ago | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site requ… | |||
| CVE-2017-17615 | high | 8.8 | 9.8 | 9y ago | Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | |||
| CVE-2017-11319 | high | 8.8 | 9.8 | 9y ago | Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and m… | |||
| CVE-2017-16921 | high | 8.8 | 9.8 | 9y ago | In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete… | |||
| CVE-2017-15889 | high | 8.8 | 9.8 | 9y ago | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | |||
| CVE-2017-7851 | high | 8.8 | 9.8 | 9y ago | D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | |||
| CVE-2017-13802 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13798 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13797 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13796 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13795 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13794 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13792 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13791 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13785 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13784 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13783 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-12969 | high | 8.8 | 9.8 | 9y ago | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or exe… | |||
| CVE-2017-16570 | high | 8.8 | 9.8 | 9y ago | Cross-Site Request Forgery (CSRF) in keystone | |||
| CVE-2017-16524 | high | 8.8 | 9.8 | 9y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar… | |||
| CVE-2017-16542 | high | 8.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||
| CVE-2017-16352 | high | 8.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. … | |||
| CVE-2017-16244 | high | 8.8 | 9.8 | 9y ago | October CMS CSRF | |||
| CVE-2017-7411 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha… | |||
| CVE-2017-15957 | high | 8.8 | 9.8 | 9y ago | my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |||
| CVE-2017-15879 | high | 8.8 | 9.8 | 9y ago | Keystone is vulnerable to CSV injection | |||
| CVE-2017-13772 | high | 8.8 | 9.8 | 9y ago | Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRp… | |||
| CVE-2017-15808 | high | 8.8 | 9.8 | 9y ago | In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | |||
| CVE-2017-7117 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-15735 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | |||
| CVE-2017-15734 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |||
| CVE-2017-15730 | high | 8.8 | 9.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | |||
| CVE-2017-15645 | high | 8.8 | 9.8 | 9y ago | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | |||
| CVE-2017-15595 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via… | |||
| CVE-2017-15578 | high | 8.8 | 9.8 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||
| CVE-2017-15276 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15013 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser… | |||
| CVE-2017-15012 | high | 8.8 | 9.8 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack… | |||
| CVE-2017-1000117 | high | 8.8 | 9.8 | 9y ago | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc… | |||
| CVE-2017-6090 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2017-14848 | high | 8.8 | 9.8 | 9y ago | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | |||
| CVE-2017-14758 | high | 8.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.… | |||
| CVE-2017-14757 | high | 8.8 | 9.8 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down… | |||
| CVE-2017-14847 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14846 | high | 8.8 | 9.8 | 9y ago | Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14845 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14844 | high | 8.8 | 9.8 | 9y ago | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||
| CVE-2017-14843 | high | 8.8 | 9.8 | 9y ago | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14842 | high | 8.8 | 9.8 | 9y ago | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||
| CVE-2017-14840 | high | 8.8 | 9.8 | 9y ago | TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||
| CVE-2017-14839 | high | 8.8 | 9.8 | 9y ago | TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |||
| CVE-2017-14838 | high | 8.8 | 9.8 | 9y ago | TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||
| CVE-2017-14704 | high | 8.8 | 9.8 | 9y ago | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code … | |||
| CVE-2017-12929 | high | 8.8 | 9.8 | 9y ago | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | |||
| CVE-2017-0781 | high | 8.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | |||
| CVE-2017-8682 | high | 8.8 | 9.8 | 9y ago | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20… | |||
| CVE-2017-13713 | high | 8.8 | 9.8 | 9y ago | T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | |||
| CVE-2017-11567 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to… | |||
| CVE-2017-12763 | high | 8.8 | 9.8 | 9y ago | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | |||
| CVE-2017-12970 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts… | |||
| CVE-2017-11610 | high | 8.8 | 9.8 | 9y ago | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC req… | |||
| CVE-2017-6328 | high | 8.8 | 9.8 | 9y ago | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious… | |||
| CVE-2017-3106 | high | 8.8 | 9.8 | 9y ago | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11741 | high | 8.8 | 9.8 | 9y ago | HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges b… | |||
| CVE-2017-10204 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-10129 | high | 8.8 | 9.8 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows l… | |||
| CVE-2017-12479 | high | 8.8 | 9.8 | 9y ago | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege use… | |||
| CVE-2017-11392 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-11391 | high | 8.8 | 9.8 | 9y ago | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… | |||
| CVE-2017-7442 | high | 8.8 | 9.8 | 9y ago | Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |||
| CVE-2017-9614 | high | 8.8 | 9.8 | 9y ago | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified oth… | |||
| CVE-2017-9413 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a p… | |||
| CVE-2017-7061 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7056 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7049 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7048 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7047 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involve… | |||
| CVE-2017-7046 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7043 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7042 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7041 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7040 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7039 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7037 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-7018 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affe… | |||
| CVE-2017-6320 | high | 8.8 | 9.8 | 9y ago | A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in whic… | |||
| CVE-2017-9810 | high | 8.8 | 9.8 | 9y ago | There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacke… |