CVEs from 2017

11,611 normalized CVEs published or assigned in this year.

Total

11,611

critical

critical 1,650

high

high 5,043

medium

medium 4,169

low

low 159

% Critical

14.2%

% with KEV

0.7%

% with exploit

9.9%

Top vendors

ibm 4,028
oracle 3,390
intel 2,543
apache 1,517
imagemagick 1,426
cisco 1,376
f5 1,265
microsoft 1,181

Top products

imagemagick 1,426
joomla\! 932
kanboard 848
ntp 762
tomcat 676
mahara 572
postgresql 492
asterisk 435

Top packages

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2017-7494	high	—	10.0				3y ago	Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
CVE-2017-8291	high	—	10.0				4y ago	Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
CVE-2017-16651	high	—	10.0				5y ago	Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.