CVEs from 2017

Total: 11,611
Critical: 1,650
High: 5,043
Medium: 4,169
Low: 159
Not rated: 590 (total minus the four rated buckets)
% Critical: 14.2%
% with KEV: 0.7%
% with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-5607 | low | 3.5 | 4.5 | 9y ago | Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a… |
| CVE-2017-5930 | low | 2.7 | 3.7 | 9y ago | The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch… |
| CVE-2017-7921 | unknown | — | 2.5 | 3mo ago | Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. |
| CVE-2017-3066 | unknown | — | 2.5 | 1y ago | Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. |
| CVE-2017-1000253 | unknown | — | 2.5 | 2y ago | Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges. |
| CVE-2017-6884 | unknown | — | 2.5 | 3y ago | Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious… |
| CVE-2017-18368 | unknown | — | 2.5 | 3y ago | Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host param… |
| CVE-2017-11357 | unknown | — | 2.5 | 3y ago | Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution. |
| CVE-2017-5521 | unknown | — | 2.5 | 4y ago | Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. |
| CVE-2017-15944 | unknown | — | 2.5 | 4y ago | Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained. |
| CVE-2017-0147 | unknown | — | 2.5 | 4y ago | The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet. |
| CVE-2017-12617 | unknown | — | 2.5 | 4y ago | When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the serv… |
| CVE-2017-9791 | unknown | — | 2.5 | 4y ago | The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. |
| CVE-2017-1000353 | unknown | — | 2.5 | 4y ago | Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would… |
| CVE-2017-11317 | unknown | — | 2.5 | 4y ago | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code. |
| CVE-2017-0148 | unknown | — | 2.5 | 4y ago | The SMBv1 server in Microsoft Windows allows remote attackers to execute arbitrary code via crafted packets. |
| CVE-2017-0037 | unknown | — | 2.5 | 4y ago | Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. |
| CVE-2017-0059 | unknown | — | 2.5 | 4y ago | Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site. |
| CVE-2017-0213 | unknown | — | 2.5 | 4y ago | Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. |
| CVE-2017-6334 | unknown | — | 2.5 | 4y ago | dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands. |
| CVE-2017-6316 | unknown | — | 2.5 | 4y ago | A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthent… |
| CVE-2017-3881 | unknown | — | 2.5 | 4y ago | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected … |
| CVE-2017-0146 | unknown | — | 2.5 | 4y ago | The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution. |
| CVE-2017-0101 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. |
| CVE-2017-6077 | unknown | — | 2.5 | 4y ago | NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution. |
| CVE-2017-6736 | unknown | — | 2.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. |
| CVE-2017-8540 | unknown | — | 2.5 | 4y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… |
| CVE-2017-8570 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. |
| CVE-2017-0144 | unknown | — | 2.5 | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. |
| CVE-2017-8464 | unknown | — | 2.5 | 4y ago | Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file. |
| CVE-2017-0145 | unknown | — | 2.5 | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. |
| CVE-2017-0263 | unknown | — | 2.5 | 4y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory. |
| CVE-2017-10271 | unknown | — | 2.5 | 4y ago | Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution. |
| CVE-2017-5689 | unknown | — | 2.5 | 4y ago | Intel products contain a vulnerability which can allow attackers to perform privilege escalation. |
| CVE-2017-17562 | unknown | — | 2.5 | 5y ago | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. |
| CVE-2017-12149 | unknown | — | 2.5 | 5y ago | The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. |
| CVE-2017-8759 | unknown | — | 2.5 | 5y ago | Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. |
| CVE-2017-0143 | unknown | — | 2.5 | 5y ago | Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2017-7269 | unknown | — | 2.5 | 5y ago | Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If… |
| CVE-2017-11882 | unknown | — | 2.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user. |
| CVE-2017-0199 | unknown | — | 2.5 | 5y ago | Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution. |
| CVE-2017-6327 | unknown | — | 2.5 | 5y ago | Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform p… |
| CVE-2017-9248 | unknown | — | 2.5 | 5y ago | Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey… |
| CVE-2017-1000486 | unknown | — | 2.5 | 5y ago | Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution. |
| CVE-2017-5638 | unknown | — | 2.5 | 8y ago | Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. |
| CVE-2017-12615 | unknown | — | 2.5 | 8y ago | When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it conta… |
| CVE-2017-9805 | unknown | — | 2.5 | 8y ago | Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. |
| CVE-2017-9822 | unknown | — | 2.5 | 8y ago | DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization. |
| CVE-2017-15118 | unknown | — | 1.0 | — | A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be li… |
| CVE-2017-13216 | unknown | — | 1.0 | — | In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged… |
| CVE-2017-18344 | unknown | — | 1.0 | — | The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access… |
| CVE-2017-2619 | unknown | — | 1.0 | — | Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. |
| CVE-2017-8046 | unknown | — | 1.0 | 4y ago | Remote code execution in PATCH requests in Spring Data REST. |
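Added example, not part of this page or of any CVE database's tooling: a short Python script that recomputes the headline numbers above (total, per-severity counts, % critical, % with KEV, % with exploit) from a constructed sample of the table's rows and then orders them for patching. The security point it makes is that the rows shown with severity "unknown" and no CVSS score are not the ones to defer: sorting by CVSS alone would put CVE-2017-0144 (SMBv1 RCE) below a 3.5 Splunk information leak, so triage on KEV membership and exploit availability first and CVSS last. The sample is constructed by hand; CVE-2017-0144 and CVE-2017-5638 are marked `in_kev` because both are in the CISA KEV catalog, while the `has_exploit` flags are assumptions for illustration. In practice both flags come from the CISA KEV JSON feed and an exploit-tracking source, not from the table.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cve:
    cve_id: str
    cvss: Optional[float]  # None where the page shows "—"
    in_kev: bool           # listed in the CISA Known Exploited Vulnerabilities catalog
    has_exploit: bool      # public exploit code known to exist
    description: str


def severity(cvss: Optional[float]) -> str:
    """Map a CVSS v3 base score to its qualitative rating; None -> 'unknown'."""
    if cvss is None:
        return "unknown"
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss >= 0.1:
        return "low"
    return "none"


def pct(part: int, whole: int) -> float:
    """Percentage rounded to one decimal, as the summary block reports it."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def summarize(cves: list) -> dict:
    """Reproduce the headline numbers: total, per-severity counts, and the
    share that is critical / in KEV / has a public exploit."""
    by_severity: dict = {}
    for c in cves:
        rating = severity(c.cvss)
        by_severity[rating] = by_severity.get(rating, 0) + 1
    total = len(cves)
    return {
        "total": total,
        "by_severity": by_severity,
        "pct_critical": pct(by_severity.get("critical", 0), total),
        "pct_kev": pct(sum(c.in_kev for c in cves), total),
        "pct_exploit": pct(sum(c.has_exploit for c in cves), total),
    }


def triage_key(c: Cve) -> tuple:
    """Sort key: KEV membership outranks a public exploit, which outranks CVSS.
    An unscored entry sorts below any scored one within its tier, but a KEV
    entry with no score still beats every non-KEV entry."""
    return (c.in_kev, c.has_exploit, -1.0 if c.cvss is None else c.cvss)


def triage(cves: list) -> list:
    """Return CVE IDs in patch-priority order (ties keep input order)."""
    return [c.cve_id for c in sorted(cves, key=triage_key, reverse=True)]


# Constructed sample mirroring rows of the table above.  The in_kev and
# has_exploit flags are set by hand for this example (CVE-2017-0144 and
# CVE-2017-5638 really are in the KEV catalog; the exploit flags are assumed);
# a real run reads them from the KEV JSON feed and an exploit-tracking source.
SAMPLE_CVES = [
    Cve("CVE-2017-5607", 3.5, False, False, "Splunk Enterprise information disclosure"),
    Cve("CVE-2017-5930", 2.7, False, False, "PostfixAdmin protected alias deletion"),
    Cve("CVE-2017-0144", None, True, True, "SMBv1 remote code execution"),
    Cve("CVE-2017-5638", None, True, True, "Apache Struts Jakarta Multipart RCE"),
    Cve("CVE-2017-15118", None, False, False, "qemu NBD server stack buffer overflow"),
    Cve("CVE-2017-8046", None, False, True, "Spring Data REST PATCH RCE"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_CVES))
    for cve_id in triage(SAMPLE_CVES):
        print(cve_id)
```

Run it as-is to see the two KEV entries come out first despite carrying no CVSS score, followed by the entry with a public exploit, and only then the two low-scored findings; swap the sample for a full-year feed and the same functions give the page's percentages.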