VIR Vulnerability Intelligence Relay

CVEs from 2017

11,610 normalized CVEs published or assigned in this year.

Total
11,610
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%

Top vendors

Top products

  • imagemagick 1,426
  • joomla\! 932
  • kanboard 848
  • ntp 762
  • tomcat 676
  • mahara 572
  • postgresql 492
  • asterisk 435

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-3141 unknown 1.0 The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9,…
CVE-2017-13216 unknown 1.0 In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged…
CVE-2017-2619 unknown 1.0 Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2017-14798 unknown 1.0
CVE-2017-15118 unknown 1.0 A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be li…
CVE-2017-15367 unknown 1.0 4y ago Bacula-web SQL Injection Vulnerabilities
CVE-2017-1000499 unknown 1.0 4y ago phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as dele…
CVE-2017-18357 unknown 1.0 4y ago Shopware XXE Vulnerability
CVE-2017-8046 unknown 1.0 4y ago Remote code execution in PATCH requests in Spring Data REST
CVE-2017-16086 unknown 1.0 8y ago ReDoS via long UserAgent header in ua-parser